Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-7976

There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop.

Published

2018-06-01T14:29:00.927

Last Modified

2024-11-21T04:13:01.847

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.4 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	huawei	espace_desktop	300r001c00	Yes
Application	huawei	espace_desktop	300r001c50	Yes

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-xss-en Vendor Advisory ([email protected])
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-xss-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)