Vulnerability-Lookup

CVE-2016-8789 (GCVE-0-2016-8789)

Vulnerability from cvelistv5 – Published: 2017-04-02 20:00 – Updated: 2024-08-06 02:35

Summary

Severity ?

No CVSS data available.

CWE

reflected cross-site scripting (XSS)

Assigner

huawei

References

URL

	Vendor	Product	Version
	n/a	eSpace IAD V300R001C03, V300R001C04, V300R001C06, V300R001C20 and V300R001C07	Affected: eSpace IAD V300R001C03, V300R001C04, V300R001C06, V300R001C20 and V300R001C07

CNVD-2016-11725

Vulnerability from cnvd - Published: 2016-12-01

Title

华为eSpace IAD产品存在反射型跨站脚本漏洞

Description

Huawei eSpace IAD是中国华为（Huawei）公司的IP语音及统一通信解决方案的综合接入设备。华为eSpace IAD产品存在反射型跨站脚本漏洞。攻击者利用漏洞可在用户浏览器中运行恶意脚本，从而获取用户信息，劫持会话等。

Severity

中

Patch Name

华为eSpace IAD产品存在反射型跨站脚本漏洞的补丁

Patch Description

Huawei eSpace IAD是中国华为（Huawei）公司的IP语音及统一通信解决方案的综合接入设备。华为eSpace IAD产品存在反射型跨站脚本漏洞。攻击者利用漏洞可在用户浏览器中运行恶意脚本，从而获取用户信息，劫持会话等。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已提供漏洞修补方案，请关注如下链接及时更新： http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161130-01-espace-cn

Reference

http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161130-01-espace-cn

Impacted products

Name
['Huawei eSpace IAD V300R001C03', 'Huawei eSpace IAD V300R001C04', 'Huawei eSpace IAD V300R001C06', 'Huawei eSpace IAD V300R001C20', 'Huawei eSpace IAD V300R001C07']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "94613"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8789"
    }
  },
  "description": "Huawei eSpace IAD\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684IP\u8bed\u97f3\u53ca\u7edf\u4e00\u901a\u4fe1\u89e3\u51b3\u65b9\u6848\u7684\u7efc\u5408\u63a5\u5165\u8bbe\u5907\u3002\r\n\r\n\u534e\u4e3aeSpace IAD\u4ea7\u54c1\u5b58\u5728\u53cd\u5c04\u578b\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u5728\u7528\u6237\u6d4f\u89c8\u5668\u4e2d\u8fd0\u884c\u6076\u610f\u811a\u672c\uff0c\u4ece\u800c\u83b7\u53d6\u7528\u6237\u4fe1\u606f\uff0c\u52ab\u6301\u4f1a\u8bdd\u7b49\u3002",
  "discovererName": "Jiang Zhiwei",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u8865\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5982\u4e0b\u94fe\u63a5\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161130-01-espace-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-11725",
  "openTime": "2016-12-01",
  "patchDescription": "Huawei eSpace IAD\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684IP\u8bed\u97f3\u53ca\u7edf\u4e00\u901a\u4fe1\u89e3\u51b3\u65b9\u6848\u7684\u7efc\u5408\u63a5\u5165\u8bbe\u5907\u3002\r\n\r\n\u534e\u4e3aeSpace IAD\u4ea7\u54c1\u5b58\u5728\u53cd\u5c04\u578b\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u5728\u7528\u6237\u6d4f\u89c8\u5668\u4e2d\u8fd0\u884c\u6076\u610f\u811a\u672c\uff0c\u4ece\u800c\u83b7\u53d6\u7528\u6237\u4fe1\u606f\uff0c\u52ab\u6301\u4f1a\u8bdd\u7b49\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u534e\u4e3aeSpace IAD\u4ea7\u54c1\u5b58\u5728\u53cd\u5c04\u578b\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei eSpace IAD V300R001C03",
      "Huawei eSpace IAD V300R001C04",
      "Huawei eSpace IAD V300R001C06",
      "Huawei eSpace IAD V300R001C20",
      "Huawei eSpace IAD V300R001C07"
    ]
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161130-01-espace-cn",
  "serverity": "\u4e2d",
  "submitTime": "2016-12-01",
  "title": "\u534e\u4e3aeSpace IAD\u4ea7\u54c1\u5b58\u5728\u53cd\u5c04\u578b\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

FKIE_CVE-2016-8789

Vulnerability from fkie_nvd - Published: 2017-04-02 20:59 - Updated: 2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
psirt@huawei.com	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-espace-en	Vendor Advisory
psirt@huawei.com	http://www.securityfocus.com/bid/94613	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-espace-en	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94613	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
huawei	espace_integrated_access_device_firmware	v300r001c03
huawei	espace_integrated_access_device_firmware	v300r001c04
huawei	espace_integrated_access_device_firmware	v300r001c06
huawei	espace_integrated_access_device_firmware	v300r001c07
huawei	espace_integrated_access_device_firmware	v300r001c20
huawei	espace_integrated_access_device	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:espace_integrated_access_device_firmware:v300r001c03:*:*:*:*:*:*:*",
              "matchCriteriaId": "AABD36A9-C669-408C-8B97-6443EB4261F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:espace_integrated_access_device_firmware:v300r001c04:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF374D3F-67FA-4C19-90DC-7F4DA587BE3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:espace_integrated_access_device_firmware:v300r001c06:*:*:*:*:*:*:*",
              "matchCriteriaId": "18A47474-2434-4E5C-AE0B-B9510526F109",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:espace_integrated_access_device_firmware:v300r001c07:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ED33178-02F2-4CE6-A7D3-60684FBDAB28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:espace_integrated_access_device_firmware:v300r001c20:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1F1582C-AAC6-4211-ACA5-59DE4E7F53BB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:espace_integrated_access_device:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "513CAF82-DDC9-4558-BC5C-407D9B51F49D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka XSS."
    },
    {
      "lang": "es",
      "value": "Huawei eSpace Integrated Access Device (IAD) con software V300R001C03, V300R001C04, V300R001C06, V300R001C20 y V300R001C07 permite a un atacante enga\u00f1ar a un usuario para que haga clic en una URL que contiene una secuencia de comandos maliciosa para obtener informaci\u00f3n del usuario o secuestrar la sesi\u00f3n, tambi\u00e9n conocido como XSS."
    }
  ],
  "id": "CVE-2016-8789",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-02T20:59:01.610",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-espace-en"
    },
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-espace-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94613"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-MVVC-3V8G-5X86

Vulnerability from github – Published: 2022-05-17 02:51 – Updated: 2022-05-17 02:51

Details

Severity ?

6.1 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-8789"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-02T20:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka XSS.",
  "id": "GHSA-mvvc-3v8g-5x86",
  "modified": "2022-05-17T02:51:29Z",
  "published": "2022-05-17T02:51:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8789"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-espace-en"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94613"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201704-1022

Vulnerability from variot - Updated: 2025-04-20 23:05

Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka XSS. HuaweieSpaceIAD is a comprehensive access device for Huawei's IP voice and unified communications solutions. A reflective cross-site scripting vulnerability exists in Huawei eSpaceIAD products. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may help the attacker steal cookie-based authentication credentials and launch other attacks. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML. The following versions are affected: Huawei eSpace IAD V300R001C20, Huawei eSpace IAD V300R001C07, Huawei eSpace IAD V300R001C06, Huawei eSpace IAD V300R001C04, Huawei eSpace IAD V300R001C03

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-1022",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "espace integrated access device",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v300r001c03"
      },
      {
        "model": "espace integrated access device",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v300r001c04"
      },
      {
        "model": "espace integrated access device",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v300r001c06"
      },
      {
        "model": "espace integrated access device",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v300r001c07"
      },
      {
        "model": "espace integrated access device",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v300r001c20"
      },
      {
        "model": "espace iad v300r001c03",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace iad v300r001c04",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace iad v300r001c06",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace iad v300r001c20",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace iad v300r001c07",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace iad v300r001c07spc200",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11725"
      },
      {
        "db": "BID",
        "id": "94613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008219"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-016"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8789"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:huawei:espace_integrated_access_device_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008219"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jiang Zhiwei.",
    "sources": [
      {
        "db": "BID",
        "id": "94613"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-016"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-8789",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2016-8789",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-11725",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-97609",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2016-8789",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-8789",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-8789",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-11725",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201612-016",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-97609",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11725"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97609"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008219"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-016"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8789"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka XSS. HuaweieSpaceIAD is a comprehensive access device for Huawei\u0027s IP voice and unified communications solutions. A reflective cross-site scripting vulnerability exists in Huawei eSpaceIAD products. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may help the attacker steal cookie-based authentication credentials and launch other attacks. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML. The following versions are affected: Huawei eSpace IAD V300R001C20, Huawei eSpace IAD V300R001C07, Huawei eSpace IAD V300R001C06, Huawei eSpace IAD V300R001C04, Huawei eSpace IAD V300R001C03",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-8789"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008219"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11725"
      },
      {
        "db": "BID",
        "id": "94613"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97609"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-8789",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "94613",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008219",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-016",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11725",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-97609",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11725"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97609"
      },
      {
        "db": "BID",
        "id": "94613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008219"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-016"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8789"
      }
    ]
  },
  "id": "VAR-201704-1022",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11725"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97609"
      }
    ],
    "trust": 1.3236111099999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11725"
      }
    ]
  },
  "last_update_date": "2025-04-20T23:05:09.861000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20161130-01-espace",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-espace-en"
      },
      {
        "title": "Huawei eSpaceIAD product has a patch for reflective cross-site scripting vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/84782"
      },
      {
        "title": "Huawei eSpace IAD Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65995"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11725"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008219"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-016"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97609"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008219"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8789"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-espace-en"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/94613"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8789"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8789"
      },
      {
        "trust": 0.6,
        "url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161130-01-espace-cn"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11725"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97609"
      },
      {
        "db": "BID",
        "id": "94613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008219"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-016"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8789"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11725"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97609"
      },
      {
        "db": "BID",
        "id": "94613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008219"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-016"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8789"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-11725"
      },
      {
        "date": "2017-04-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97609"
      },
      {
        "date": "2016-12-01T00:00:00",
        "db": "BID",
        "id": "94613"
      },
      {
        "date": "2017-05-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008219"
      },
      {
        "date": "2016-12-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201612-016"
      },
      {
        "date": "2017-04-02T20:59:01.610000",
        "db": "NVD",
        "id": "CVE-2016-8789"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-11725"
      },
      {
        "date": "2017-04-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97609"
      },
      {
        "date": "2016-12-20T02:04:00",
        "db": "BID",
        "id": "94613"
      },
      {
        "date": "2017-05-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008219"
      },
      {
        "date": "2016-12-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201612-016"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2016-8789"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-016"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei eSpace Integrated Access Device Software cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008219"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-016"
      }
    ],
    "trust": 0.6
  }
}

GSD-2016-8789

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-8789

Aliases

CVE-2016-8789

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-8789",
    "description": "Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka XSS.",
    "id": "GSD-2016-8789"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-8789"
      ],
      "details": "Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka XSS.",
      "id": "GSD-2016-8789",
      "modified": "2023-12-13T01:21:22.112839Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "ID": "CVE-2016-8789",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "eSpace IAD V300R001C03, V300R001C04, V300R001C06, V300R001C20 and V300R001C07",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "eSpace IAD V300R001C03, V300R001C04, V300R001C06, V300R001C20 and V300R001C07"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka XSS."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "reflected cross-site scripting (XSS)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-espace-en",
            "refsource": "CONFIRM",
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-espace-en"
          },
          {
            "name": "94613",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/94613"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:espace_integrated_access_device_firmware:v300r001c03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:espace_integrated_access_device_firmware:v300r001c04:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:espace_integrated_access_device_firmware:v300r001c06:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:espace_integrated_access_device_firmware:v300r001c20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:espace_integrated_access_device_firmware:v300r001c07:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:espace_integrated_access_device:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2016-8789"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka XSS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-espace-en",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161130-01-espace-en"
            },
            {
              "name": "94613",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/94613"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2017-04-05T20:02Z",
      "publishedDate": "2017-04-02T20:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-8789 (GCVE-0-2016-8789)

CNVD-2016-11725

FKIE_CVE-2016-8789

GHSA-MVVC-3V8G-5X86

VAR-201704-1022

GSD-2016-8789

Tags

Sightings

Nomenclature