6.1
CVE-2016-4575
- EPSS 0.12%
- Published 25.05.2016 15:59:06
- Last modified 12.04.2025 10:46:40
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message.
Data is provided by the National Vulnerability Database (NVD)
Huawei ≫ Ath Firmware Versional00c00
Huawei ≫ Ath Firmware Versioncl00c92
Huawei ≫ Ath Firmware Versiontl00hc01
Huawei ≫ Ath Firmware Versionul00c00
Huawei ≫ Rio Firmware Versional00c00
Huawei ≫ Plk Firmware Versional10c00
Huawei ≫ Plk Firmware Versional10c92
Huawei ≫ Cherryplus Firmware Versiontl00c00
Huawei ≫ Cherryplus Firmware Versiontl00mc01
Huawei ≫ Cherryplus Firmware Versionul00c00
Huawei ≫ Cherryplus Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.31 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.