CVE-2017-15312
MEDIUMHuawei SmartCare V200R003C10 - Authenticated Stored Cross-Site Scripting in Dashboard Module
Title source: llmDescription
Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious scripts in the affected device.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171201-01-smartcare-en
Scores
CVSS v3
5.4
EPSS
0.0008
EPSS Percentile
22.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
huawei/smartcare
v200r003c10
Huawei Technologies Co., Ltd./SmartCare
V200R003C10
Published
Dec 22, 2017
Tracked Since
Feb 18, 2026