CVE-2018-7976

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.1%
top 73.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Technologies Co., Ltd. Espace DesktopHuawei Espace Desktop
Timeline
PublishedJun 1
Latest updateMay 14

Description

There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDhuawei/espace_desktop300r001c00, 300r001c50+1
CVEListV5huawei_technologies_co.,_ltd./espace_desktopV300R001C00, V300R001C50+1

🔴Vulnerability Details

2
GHSA
GHSA-v9jg-7gv5-jpg3: There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version2022-05-14
CVEList
CVE-2018-7976: There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version2018-06-01
CVE-2018-7976 (MEDIUM CVSS 5.4) | There is a stored cross-site script | cvebase.io