Vulnerability-Lookup

CVE-2016-4575 (GCVE-0-2016-4575)

Vulnerability from cvelistv5 – Published: 2016-05-25 15:00 – Updated: 2024-08-06 00:32

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

GHSA-VFVR-QWMH-F4C8

Vulnerability from github – Published: 2022-05-17 03:54 – Updated: 2022-05-17 03:54

Details

Severity ?

6.1 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-4575"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-05-25T15:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message.",
  "id": "GHSA-vfvr-qwmh-f4c8",
  "modified": "2022-05-17T03:54:50Z",
  "published": "2022-05-17T03:54:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4575"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160507-01-emailapp-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2016-4575

Vulnerability from fkie_nvd - Published: 2016-05-25 15:59 - Updated: 2025-04-12 10:46

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

	URL	Tags
	cve@mitre.org	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160507-01-emailapp-en	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160507-01-emailapp-en	Vendor Advisory

Impacted products

Vendor	Product	Version
huawei	ath_firmware	al00c00
huawei	ath_firmware	cl00c92
huawei	ath_firmware	tl00hc01
huawei	ath_firmware	ul00c00
huawei	ath	-
huawei	rio_firmware	al00c00
huawei	rio	-
huawei	plk_firmware	al10c00
huawei	plk_firmware	al10c92
huawei	plk	-
huawei	cherryplus_firmware	tl00c00
huawei	cherryplus_firmware	tl00mc01
huawei	cherryplus_firmware	ul00c00
huawei	cherryplus	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:ath_firmware:al00c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6DB67AC-8BD0-457A-B810-B6509721D32F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:ath_firmware:cl00c92:*:*:*:*:*:*:*",
              "matchCriteriaId": "C38376A3-4432-4E98-B141-B225102E2004",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:ath_firmware:tl00hc01:*:*:*:*:*:*:*",
              "matchCriteriaId": "82A32ECC-6190-4297-B5CB-BD379DFCA808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:ath_firmware:ul00c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E53EA8C-68BF-4D2D-BE64-8406AE423F32",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:ath:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "93508441-3835-4E42-9EE4-81BE855CF791",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:rio_firmware:al00c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "95EC8710-A960-4504-97F9-8FCD679702FE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:rio:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "824B416C-537A-4525-A611-2261D1B6DA9D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:plk_firmware:al10c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9ABF6E1-F898-47E2-8C8B-E85FAE42941C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:plk_firmware:al10c92:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBAEDA23-61F6-4240-AA6A-E17C734AAD83",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:plk:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6141EDCE-1950-48F3-8187-BE4FAFF274E2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:cherryplus_firmware:tl00c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE07476A-AEA1-420D-B4C4-A120B9EBEA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cherryplus_firmware:tl00mc01:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AF28C8B-E9CD-436B-AFFE-06CF891EA621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:cherryplus_firmware:ul00c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "96C14166-EF1E-4034-B8AB-79F750BF1EB5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:cherryplus:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47C656C5-9B4F-4F6F-9F3C-6B6BC38035BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en el email APP en smartphones Huawei PLK con software AL10C00 en versiones anteriores a AL10C00B211 y AL10C92 en versiones anteriores a AL10C92B211; smartphones ATH con software AL00C00 en versiones anteriores a AL00C00B361, CL00C92 en versiones anteriores a CL00C92B361, TL00HC01 en versiones anteriores a TL00HC01B361 y UL00C00 en versiones anteriores a UL00C00B361; smartphones CherryPlus con software TL00C00 en versiones anteriores a TL00C00B553, UL00C00 en versiones anteriores a UL00C00B553 y TL00MC01 en versiones anteriores a TL00MC01B553; y smartphones RIO con software AL00C00 en versiones anteriores a AL00C00B360 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un mensaje de email."
    }
  ],
  "id": "CVE-2016-4575",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-05-25T15:59:06.300",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160507-01-emailapp-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160507-01-emailapp-en"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2016-03203

Vulnerability from cnvd - Published: 2016-05-17

Title

多款Huawei产品跨站脚本漏洞

Description

Huawei PLK PLK-AL10C00B211是中国华为公司的智能手机产品。多款Huawei PLK PLK-AL10C00B211产品的Email应用中存在跨站脚本漏洞，允许远程攻击者利用漏洞注入恶意脚本或HTML代码，当恶意数据被查看时，可获取敏感信息或劫持用户会话。

Severity

中

Patch Name

多款Huawei产品跨站脚本漏洞的补丁

Patch Description

Huawei PLK PLK-AL10C00B211是中国华为公司的智能手机产品。多款Huawei PLK PLK-AL10C00B211产品的Email应用中存在跨站脚本漏洞，允许远程攻击者利用漏洞注入恶意脚本或HTML代码，当恶意数据被查看时，可获取敏感信息或劫持用户会话。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160507-01-emailapp-cn

Reference

http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160507-01-emailapp-cn

Impacted products

Name
['Huawei 荣耀7 <PLK-AL10C00B211', 'Huawei 荣耀7 <PLK-AL10C92B211', 'Huawei 荣耀7i <ATH-AL00C00B361', 'Huawei 荣耀7i <ATH-CL00C92B361', 'Huawei 荣耀7i <ATH-TL00HC01B361', 'Huawei 荣耀7i <ATH-UL00C00B361', 'Huawei 荣耀畅玩4X <CherryPlus-TL00C00B553', 'Huawei 荣耀畅玩4X <CherryPlus-UL00C00B553', 'Huawei 荣耀畅玩4X <CherryPlus-TL00MC01B553', 'Huawei 麦芒4 <RIO-AL00C00B360']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-4575"
    }
  },
  "description": "Huawei PLK PLK-AL10C00B211\u662f\u4e2d\u56fd\u534e\u4e3a\u516c\u53f8\u7684\u667a\u80fd\u624b\u673a\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eHuawei PLK PLK-AL10C00B211\u4ea7\u54c1\u7684Email\u5e94\u7528\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6ce8\u5165\u6076\u610f\u811a\u672c\u6216HTML\u4ee3\u7801\uff0c\u5f53\u6076\u610f\u6570\u636e\u88ab\u67e5\u770b\u65f6\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u52ab\u6301\u7528\u6237\u4f1a\u8bdd\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160507-01-emailapp-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-03203",
  "openTime": "2016-05-17",
  "patchDescription": "Huawei PLK PLK-AL10C00B211\u662f\u4e2d\u56fd\u534e\u4e3a\u516c\u53f8\u7684\u667a\u80fd\u624b\u673a\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eHuawei PLK PLK-AL10C00B211\u4ea7\u54c1\u7684Email\u5e94\u7528\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6ce8\u5165\u6076\u610f\u811a\u672c\u6216HTML\u4ee3\u7801\uff0c\u5f53\u6076\u610f\u6570\u636e\u88ab\u67e5\u770b\u65f6\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u52ab\u6301\u7528\u6237\u4f1a\u8bdd\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eHuawei\u4ea7\u54c1\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei \u8363\u80007 \u003cPLK-AL10C00B211",
      "Huawei \u8363\u80007 \u003cPLK-AL10C92B211",
      "Huawei \u8363\u80007i \u003cATH-AL00C00B361",
      "Huawei \u8363\u80007i \u003cATH-CL00C92B361",
      "Huawei \u8363\u80007i \u003cATH-TL00HC01B361",
      "Huawei \u8363\u80007i \u003cATH-UL00C00B361",
      "Huawei \u8363\u8000\u7545\u73a94X \u003cCherryPlus-TL00C00B553",
      "Huawei \u8363\u8000\u7545\u73a94X \u003cCherryPlus-UL00C00B553",
      "Huawei \u8363\u8000\u7545\u73a94X \u003cCherryPlus-TL00MC01B553",
      "Huawei \u9ea6\u82924 \u003cRIO-AL00C00B360"
    ]
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160507-01-emailapp-cn",
  "serverity": "\u4e2d",
  "submitTime": "2016-05-13",
  "title": "\u591a\u6b3eHuawei\u4ea7\u54c1\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

VAR-201605-0333

Vulnerability from variot - Updated: 2025-04-13 23:41

Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message. HuaweiPLKPLK-AL10C00B211 is a smartphone product of China Huawei. Multiple Huawei Smartphones are prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Huawei PLK PLK-AL10C00B211 etc. The vulnerability is caused by the program's lack of output encoding for some specific characters. The following products and versions are affected: Huawei PLK versions prior to PLK-AL10C00B211, versions prior to PLK-AL10C92B211, versions prior to ATH ATH-AL00C00B361, versions prior to ATH-CL00C92B361, versions prior to ATH-TL00HC01B361, versions prior to ATH-UL00C00B361, CherryPlus Cherry3Plus-TL00C Previous versions, versions before CherryPlus-UL00C00B553, versions before CherryPlus-TL00MC01B553, versions before RIO RIO-AL00C00B360

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0333",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ath",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": "cl00c92"
      },
      {
        "model": "cherryplus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": "ul00c00"
      },
      {
        "model": "rio",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": "al00c00"
      },
      {
        "model": "ath",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": "al00c00"
      },
      {
        "model": "cherryplus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": "tl00mc01"
      },
      {
        "model": "cherryplus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": "tl00c00"
      },
      {
        "model": "ath",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": "ul00c00"
      },
      {
        "model": "plk",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": "al10c92"
      },
      {
        "model": "ath",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": "tl00hc01"
      },
      {
        "model": "plk",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": "al10c00"
      },
      {
        "model": "ath",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "cherryplus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ath",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "cl00c92"
      },
      {
        "model": "rio",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ath",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "ul00c00"
      },
      {
        "model": "cherryplus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "tl00mc01b553"
      },
      {
        "model": "plk",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "al10c00"
      },
      {
        "model": "rio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "al00c00b360"
      },
      {
        "model": "ath",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "al00c00b361"
      },
      {
        "model": "cherryplus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "tl00c00b553"
      },
      {
        "model": "ath",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "tl00hc01b361"
      },
      {
        "model": "plk",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ath",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ath",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "ul00c00b361"
      },
      {
        "model": "cherryplus",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "tl00mc01"
      },
      {
        "model": "cherryplus",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "tl00c00"
      },
      {
        "model": "cherryplus",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rio",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "al00c00"
      },
      {
        "model": "plk",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "al10c92"
      },
      {
        "model": "cherryplus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "ul00c00b553"
      },
      {
        "model": "ath",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "tl00hc01"
      },
      {
        "model": "ath",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "al00c00"
      },
      {
        "model": "plk",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "al10c00b211"
      },
      {
        "model": "plk",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "al10c92b211"
      },
      {
        "model": "ath",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "cl00c92b361"
      },
      {
        "model": "cherryplus",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "ul00c00"
      },
      {
        "model": "glory \u003cplk-al10c00b211",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "7"
      },
      {
        "model": "glory \u003cplk-al10c92b211",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "7"
      },
      {
        "model": "glory 7i \u003cath-al00c00b361",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "glory 7i \u003cath-cl00c92b361",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "glory 7i \u003cath-tl00hc01b361",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "glory 7i \u003cath-ul00c00b361",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "glory play \u003ccherryplus-tl00c00b553",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "4x"
      },
      {
        "model": "glory play \u003ccherryplus-ul00c00b553",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "4x"
      },
      {
        "model": "glory play \u003ccherryplus-tl00mc01b553",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "4x"
      },
      {
        "model": "\\351\\272\\246\\350\\212\\2224 \u003crio-al00c00b360",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-03203"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-384"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4575"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:huawei:ath",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:ath_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:huawei:cherryplus",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:cherryplus_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:huawei:plk",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:plk_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:huawei:rio",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:rio_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002947"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "dark clouds",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-384"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-4575",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2016-4575",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2016-03203",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-93394",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2016-4575",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-4575",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-4575",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-03203",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201605-384",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-93394",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-03203"
      },
      {
        "db": "VULHUB",
        "id": "VHN-93394"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-384"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4575"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message. HuaweiPLKPLK-AL10C00B211 is a smartphone product of China Huawei. Multiple Huawei Smartphones are prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied  input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Huawei PLK PLK-AL10C00B211 etc. The vulnerability is caused by the program\u0027s lack of output encoding for some specific characters. The following products and versions are affected: Huawei PLK versions prior to PLK-AL10C00B211, versions prior to PLK-AL10C92B211, versions prior to ATH ATH-AL00C00B361, versions prior to ATH-CL00C92B361, versions prior to ATH-TL00HC01B361, versions prior to ATH-UL00C00B361, CherryPlus Cherry3Plus-TL00C Previous versions, versions before CherryPlus-UL00C00B553, versions before CherryPlus-TL00MC01B553, versions before RIO RIO-AL00C00B360",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4575"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002947"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03203"
      },
      {
        "db": "BID",
        "id": "90307"
      },
      {
        "db": "VULHUB",
        "id": "VHN-93394"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-4575",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002947",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-384",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-03203",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "90307",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-93394",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-03203"
      },
      {
        "db": "VULHUB",
        "id": "VHN-93394"
      },
      {
        "db": "BID",
        "id": "90307"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-384"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4575"
      }
    ]
  },
  "id": "VAR-201605-0333",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-03203"
      },
      {
        "db": "VULHUB",
        "id": "VHN-93394"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-03203"
      }
    ]
  },
  "last_update_date": "2025-04-13T23:41:18.155000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20160507-01-emailapp",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160507-01-emailapp-en"
      },
      {
        "title": "Patches for multiple Huawei product cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/75938"
      },
      {
        "title": "Multiple Huawei Fixes for product cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61700"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-03203"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-384"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93394"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002947"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4575"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.4,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160507-01-emailapp-en"
      },
      {
        "trust": 1.2,
        "url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160507-01-emailapp-cn"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4575"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4575"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-03203"
      },
      {
        "db": "VULHUB",
        "id": "VHN-93394"
      },
      {
        "db": "BID",
        "id": "90307"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-384"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4575"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-03203"
      },
      {
        "db": "VULHUB",
        "id": "VHN-93394"
      },
      {
        "db": "BID",
        "id": "90307"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-384"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4575"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-03203"
      },
      {
        "date": "2016-05-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-93394"
      },
      {
        "date": "2016-05-07T00:00:00",
        "db": "BID",
        "id": "90307"
      },
      {
        "date": "2016-05-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002947"
      },
      {
        "date": "2016-05-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-384"
      },
      {
        "date": "2016-05-25T15:59:06.300000",
        "db": "NVD",
        "id": "CVE-2016-4575"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-03203"
      },
      {
        "date": "2016-05-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-93394"
      },
      {
        "date": "2016-07-06T14:41:00",
        "db": "BID",
        "id": "90307"
      },
      {
        "date": "2016-05-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002947"
      },
      {
        "date": "2016-05-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-384"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2016-4575"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-384"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Huawei Smartphone software email application cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002947"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-384"
      }
    ],
    "trust": 0.6
  }
}

GSD-2016-4575

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-4575

Aliases

CVE-2016-4575

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-4575",
    "description": "Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message.",
    "id": "GSD-2016-4575"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-4575"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message.",
      "id": "GSD-2016-4575",
      "modified": "2023-12-13T01:21:18.478296Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-4575",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160507-01-emailapp-en",
            "refsource": "CONFIRM",
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160507-01-emailapp-en"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:ath_firmware:cl00c92:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:ath_firmware:al00c00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:ath_firmware:tl00hc01:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:ath_firmware:ul00c00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:ath:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:rio_firmware:al00c00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:rio:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:plk_firmware:al10c00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:plk_firmware:al10c92:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:plk:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:cherryplus_firmware:tl00c00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:cherryplus_firmware:ul00c00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:cherryplus_firmware:tl00mc01:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:cherryplus:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-4575"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160507-01-emailapp-en",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160507-01-emailapp-en"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2016-05-26T13:50Z",
      "publishedDate": "2016-05-25T15:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-4575 (GCVE-0-2016-4575)

GHSA-VFVR-QWMH-F4C8

FKIE_CVE-2016-4575

CNVD-2016-03203

VAR-201605-0333

GSD-2016-4575

Tags

Sightings

Nomenclature