CVE-2014-2968

Huawei E355 Web UI - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary web script or HTML via an SMS message.

References (1)

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/688812

Scores

EPSS 0.0042

EPSS Percentile 61.8%

Details

CWE

CWE-79

Status published

Products (4)

huawei/e355_web_ui

huawei/e355_firmware

huawei/e355

n/a/n/a

Published Jul 24, 2014

Tracked Since Feb 18, 2026