Cross-Site Scripting Vulnerability in Huawei SEQ Analyst
CVE-2015-2347

Currently unrated

Key Information:

Vendor: Huawei
Status: Seq Analyst
Vendor: CVE Published:; 8 May 2015

Summary

A cross-site scripting vulnerability exists in Huawei SEQ Analyst software prior to version V200R002C03LG0001CP0022. This flaw allows attackers to inject arbitrary web scripts or HTML, potentially leading to unauthorized access or manipulation of data. The vulnerability can be exploited through the command XML element in requests made to flexdata.action within specific directories such as common/, monitor/, and psnpm/, or directly from the module XML element in the same requests. It is crucial for users of affected versions to implement necessary security measures to mitigate this risk.

References

https://drive.google.com/folderview?id=0B-LWHbwdK3P9fnBlL...

x_refsource_MISC

http://packetstormsecurity.com/files/131460/Huawei-SEQ-An...

x_refsource_MISC

http://www.huawei.com/en/security/psirt/security-bulletin...

x_refsource_CONFIRM

Timeline

Vulnerability published
May 8, 2015
Vulnerability Reserved
Mar 18, 2015