CVE-2016-4575
MEDIUMHuawei Ath Firmware - XSS
Title source: ruleDescription
Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message.
Scores
CVSS v3
6.1
EPSS
0.0012
EPSS Percentile
30.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Classification
CWE
CWE-79
Status
draft
Affected Products (12)
huawei/ath_firmware
huawei/ath_firmware
huawei/ath_firmware
huawei/ath_firmware
huawei/ath
huawei/rio_firmware
huawei/plk_firmware
huawei/plk_firmware
huawei/cherryplus_firmware
huawei/cherryplus_firmware
huawei/cherryplus_firmware
huawei/cherryplus
Timeline
Published
May 25, 2016
Tracked Since
Feb 18, 2026