CVE-2015-2347
Huawei SEQ Analyst < V200R002C03LG0001CP0022 - Cross-Site Scripting via req Parameter
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote attackers to inject arbitrary web script or HTML via the command XML element in the req parameter to flexdata.action in (1) common/, (2) monitor/, or (3) psnpm/ or the (4) module XML element in the req parameter to flexdata.action in monitor/.
References (4)
Core 4
Core References
Exploit x_refsource_misc
https://drive.google.com/folderview?id=0B-LWHbwdK3P9fnBlLWZqWlZqNnB0b2xHWFpYUWt3bmY3Y0lPUHVLNm9VTUlFcWhYTHlZSUU&usp=sharing
Exploit x_refsource_misc
http://packetstormsecurity.com/files/131460/Huawei-SEQ-Analyst-Cross-Site-Scripting.html
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-424267.htm
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Apr/43
Scores
EPSS
0.0015
EPSS Percentile
35.9%
Details
CWE
CWE-79
Status
published
Products (1)
huawei/seq_analyst
< v200r002c03lg0001spc100
Published
May 08, 2015
Tracked Since
Feb 18, 2026