Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 25/05/2016 Updated: 26/05/2016

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote malicious users to inject arbitrary web script or HTML via an email message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
huawei ath_firmware cl00c92
huawei ath_firmware al00c00
huawei ath_firmware tl00hc01
huawei ath_firmware ul00c00
huawei ath -
huawei rio_firmware al00c00
huawei plk_firmware al10c00
huawei plk_firmware al10c92
huawei cherryplus_firmware tl00c00
huawei cherryplus_firmware ul00c00
huawei cherryplus_firmware tl00mc01
huawei cherryplus -

CWE-79 http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160507-01-emailapp-en https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-4575

Vulnerability Summary

References

Vulmon Search

About

Products

Connect