CVE-2019-5286

{"id": "CVE-2019-5286", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2019-06-13T16:29:01.670", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190605-01-hedex-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190605-01-hedex-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "There is a reflection XSS vulnerability in the HedEx products. Remote attackers send malicious links to users and trick users to click. Successfully exploit cloud allow the attacker to initiate XSS attacks. Affects HedEx Lite versions earlier than V200R006C00SPC007."}, {"lang": "es", "value": "Hay una vulnerabilidad XSS de reflexi\u00f3n en los productos HedEx. Los atacantes remotos env\u00edan enlaces maliciosos a los usuarios y los enga\u00f1an para que hagan clic. La operaci\u00f3n con \u00e9xito de la nube permite al atacante iniciar ataques XSS. Afecta las versiones de HedEx Lite anteriores a V200R006C00SPC007."}], "lastModified": "2024-11-21T04:44:40.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:huawei:hedex_lite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7CEE7B0-6061-4739-8B4B-F7A43D9FEA14", "versionEndExcluding": "v200r006c00spc007"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@huawei.com"}