Vulnerability Description
Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote attackers to inject arbitrary web script or HTML via the command XML element in the req parameter to flexdata.action in (1) common/, (2) monitor/, or (3) psnpm/ or the (4) module XML element in the req parameter to flexdata.action in monitor/.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Seq Analyst | <= v200r002c03lg0001spc100 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/131460/Huawei-SEQ-Analyst-Cross-Site-ScriptExploit
- http://seclists.org/fulldisclosure/2015/Apr/43Exploit
- http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-4Vendor Advisory
- https://drive.google.com/folderview?id=0B-LWHbwdK3P9fnBlLWZqWlZqNnB0b2xHWFpYUWt3Exploit
- http://packetstormsecurity.com/files/131460/Huawei-SEQ-Analyst-Cross-Site-ScriptExploit
- http://seclists.org/fulldisclosure/2015/Apr/43Exploit
- http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-4Vendor Advisory
- https://drive.google.com/folderview?id=0B-LWHbwdK3P9fnBlLWZqWlZqNnB0b2xHWFpYUWt3Exploit
FAQ
What is CVE-2015-2347?
CVE-2015-2347 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote attackers to inject arbitrary web script or HTML via the command XML element in the req para...
How severe is CVE-2015-2347?
CVE-2015-2347 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2347?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Seq Analyst.