CVE-2016-4575
MEDIUMHuawei PLK ATH CherryPlus RIO Firmware - Stored Cross-Site Scripting via Email Message
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160507-01-emailapp-en
Scores
CVSS v3
6.1
EPSS
0.0012
EPSS Percentile
29.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (12)
huawei/ath
huawei/ath_firmware
al00c00
huawei/ath_firmware
cl00c92
huawei/ath_firmware
tl00hc01
huawei/ath_firmware
ul00c00
huawei/cherryplus
huawei/cherryplus_firmware
tl00c00
huawei/cherryplus_firmware
tl00mc01
huawei/cherryplus_firmware
ul00c00
huawei/plk_firmware
al10c00
... and 2 more
Published
May 25, 2016
Tracked Since
Feb 18, 2026