CVE-2016-4575

Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:huawei:ath_firmware:al00c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ath_firmware:cl00c92:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ath_firmware:tl00hc01:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ath_firmware:ul00c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ath:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:huawei:rio_firmware:al00c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:rio:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:huawei:plk_firmware:al10c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:plk_firmware:al10c92:*:*:*:*:*:*:*
cpe:2.3:h:huawei:plk:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:huawei:cherryplus_firmware:tl00c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:cherryplus_firmware:tl00mc01:*:*:*:*:*:*:*
cpe:2.3:o:huawei:cherryplus_firmware:ul00c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:cherryplus:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:52

Type Values Removed Values Added
References () http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160507-01-emailapp-en - Vendor Advisory () http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160507-01-emailapp-en - Vendor Advisory

Information

Published : 2016-05-25 15:59

Updated : 2024-11-21 02:52


NVD link : CVE-2016-4575

Mitre link : CVE-2016-4575

CVE.ORG link : CVE-2016-4575


JSON object : View

Products Affected

huawei

  • cherryplus_firmware
  • ath
  • ath_firmware
  • rio
  • cherryplus
  • plk_firmware
  • plk
  • rio_firmware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')