Stored XSS Vulnerability in Huawei SmartCare Dashboard
CVE-2017-15312

5.4MEDIUM

Key Information:

Vendor: McAfee
Status: Smartcare
Vendor: CVE Published:; 22 December 2017

What is CVE-2017-15312?

The Huawei SmartCare V200R003C10 contains a stored cross-site scripting (XSS) vulnerability within its dashboard module. This flaw allows remote authenticated attackers to inject malicious scripts, potentially compromising the security and integrity of the affected device. Exploiting this vulnerability could lead to unauthorized actions and data exposure. It is crucial for users to implement security updates and necessary safeguards to mitigate this risk.

Affected Version(s)

SmartCare V200R003C10

References

http://www.huawei.com/en/psirt/security-notices/huawei-sn...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 22, 2017
Vulnerability Reserved
Oct 14, 2017

McAfee

What is CVE-2017-15312?

Affected Version(s)

References

CVSS V3.1

Timeline