VAR-201505-0365
Vulnerability from variot - Updated: 2025-04-13 23:41Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote attackers to inject arbitrary web script or HTML via the command XML element in the req parameter to flexdata.action in (1) common/, (2) monitor/, or (3) psnpm/ or the (4) module XML element in the req parameter to flexdata.action in monitor/. The platform provides functions such as service debugging, user complaint handling, troubleshooting, user experience management and deployment of value-added services. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML. #Document Title:
Huawei SEQ Analyst - Multiple Reflected Cross Site Scripting (XSS)
Release Date:
=========== 15 Apr 2015
CVE-ID:
======= CVE-2015-2347
Product & Service Introduction:
======================= SEQ Analyst is a platform for business quality monitoring and management by individual user and multiple vendors in a quasi-realtime and retraceable manner More Details & Manual ; http://download.huawei.com/download/filedownload.do?modelID=bulletin&refID=IN0000056669,101
Vulnerability Disclosure Timeline:
======================== 3 Mar 2015 Bug reported to the vendor. 6 Mar 2015 Vendor returned ; investigating 16 Mar 2015 Asked about the case. 16 Mar 2015 Vendor has validated the issue. 17 Mar 2015 There aren't any fix the issue. 18 Mar 2015 CVE number assigned 15 Apr 2015 Fixed
Affected Product(s):
=============== Huawei Technologies Co. Ltd
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201505-0365",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "seq analyst",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "v200r002c03lg0001spc100"
},
{
"model": "seq analyst",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "v200r002c03lg0001cp0022"
},
{
"model": "seq analyst",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v200r002c03lg0001spc100"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002551"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-064"
},
{
"db": "NVD",
"id": "CVE-2015-2347"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:huawei:seq_analyst",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002551"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ugur Cihan KOC",
"sources": [
{
"db": "PACKETSTORM",
"id": "131460"
}
],
"trust": 0.1
},
"cve": "CVE-2015-2347",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-2347",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-80308",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-2347",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-2347",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201505-064",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-80308",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80308"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002551"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-064"
},
{
"db": "NVD",
"id": "CVE-2015-2347"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote attackers to inject arbitrary web script or HTML via the command XML element in the req parameter to flexdata.action in (1) common/, (2) monitor/, or (3) psnpm/ or the (4) module XML element in the req parameter to flexdata.action in monitor/. The platform provides functions such as service debugging, user complaint handling, troubleshooting, user experience management and deployment of value-added services. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML. #Document Title:\n============\nHuawei SEQ Analyst - Multiple Reflected Cross Site Scripting (XSS)\n\n#Release Date:\n===========\n15 Apr 2015\n\n#CVE-ID:\n=======\nCVE-2015-2347\n\n#Product \u0026 Service Introduction:\n=======================\nSEQ Analyst is a platform for business quality monitoring and management by\nindividual user and multiple vendors in a quasi-realtime and retraceable\nmanner\nMore Details \u0026 Manual ;\nhttp://download.huawei.com/download/filedownload.do?modelID=bulletin\u0026refID=IN0000056669,101\n\n#Vulnerability Disclosure Timeline:\n========================\n3 Mar 2015 Bug reported to the vendor. \n6 Mar 2015 Vendor returned ; investigating\n16 Mar 2015 Asked about the case. \n16 Mar 2015 Vendor has validated the issue. \n17 Mar 2015 There aren\u0027t any fix the issue. \n18 Mar 2015 CVE number assigned\n15 Apr 2015 Fixed\n\n#Affected Product(s):\n===============\nHuawei Technologies Co. Ltd",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2347"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002551"
},
{
"db": "VULHUB",
"id": "VHN-80308"
},
{
"db": "PACKETSTORM",
"id": "131460"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2347",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "131460",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002551",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201505-064",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-80308",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80308"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002551"
},
{
"db": "PACKETSTORM",
"id": "131460"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-064"
},
{
"db": "NVD",
"id": "CVE-2015-2347"
}
]
},
"id": "VAR-201505-0365",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-80308"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:41:21.042000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Notice - Statement about Two Vulnerabilities in SEQ Analyst Product",
"trust": 0.8,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-424267.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002551"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80308"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002551"
},
{
"db": "NVD",
"id": "CVE-2015-2347"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-424267.htm"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2015/apr/43"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/131460/huawei-seq-analyst-cross-site-scripting.html"
},
{
"trust": 1.7,
"url": "https://drive.google.com/folderview?id=0b-lwhbwdk3p9fnbllwzqwlzqnnb0b2xhwfpyuwt3bmy3y0lpuhvlnm9vtulfcwhythlzsuu\u0026usp=sharing"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2347"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2347"
},
{
"trust": 0.1,
"url": "https://drive.google.com/folderview?id=0b-lwhbwdk3p9fnbllwzqwlzqnnb0b2xhwfpyuwt3bmy3y0lpuhvlnm9vtulfcwhythlzsuu\u0026amp;usp=sharing"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2347"
},
{
"trust": 0.1,
"url": "https://www.uceka.com"
},
{
"trust": 0.1,
"url": "http://download.huawei.com/download/filedownload.do?modelid=bulletin\u0026refid=in0000056669,101"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80308"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002551"
},
{
"db": "PACKETSTORM",
"id": "131460"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-064"
},
{
"db": "NVD",
"id": "CVE-2015-2347"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-80308"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002551"
},
{
"db": "PACKETSTORM",
"id": "131460"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-064"
},
{
"db": "NVD",
"id": "CVE-2015-2347"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-05-08T00:00:00",
"db": "VULHUB",
"id": "VHN-80308"
},
{
"date": "2015-05-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002551"
},
{
"date": "2015-04-16T05:39:49",
"db": "PACKETSTORM",
"id": "131460"
},
{
"date": "2015-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-064"
},
{
"date": "2015-05-08T14:59:01.400000",
"db": "NVD",
"id": "CVE-2015-2347"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-80308"
},
{
"date": "2015-05-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002551"
},
{
"date": "2015-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-064"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-2347"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-064"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei SEQ Analyst Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002551"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "131460"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-064"
}
],
"trust": 0.7
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…