CVE-2016-4058

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.1%

top 75.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Policy Center

Timeline

PublishedSep 27

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to "special characters on pages."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

▶NVDhuawei/policy_centerv100r003c00, v100r003c10+1

🔴Vulnerability Details

GHSA

GHSA-7f37-wq58-x6qp: Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web sc↗2022-05-17

▶

CVEList

CVE-2016-4058: Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web sc↗2016-09-27

▶

💥Exploits & PoCs

Exploit-DB

Micro Focus Rumba+ 9.4 - Multiple Stack Buffer Overflow Vulnerabilities↗2016-05-26

▶