Vulnerability Details CVE-2016-4575
Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.9%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2016-4575
-
cpe:2.3:h:huawei:ath:-
-
cpe:2.3:h:huawei:cherryplus:-
-
cpe:2.3:h:huawei:plk:-
-
cpe:2.3:h:huawei:rio:-
-
cpe:2.3:o:huawei:ath_firmware:al00c00
-
cpe:2.3:o:huawei:ath_firmware:cl00c92
-
cpe:2.3:o:huawei:ath_firmware:tl00hc01
-
cpe:2.3:o:huawei:ath_firmware:ul00c00
-
cpe:2.3:o:huawei:cherryplus_firmware:tl00c00
-
cpe:2.3:o:huawei:cherryplus_firmware:tl00mc01
-
cpe:2.3:o:huawei:cherryplus_firmware:ul00c00
-
cpe:2.3:o:huawei:plk_firmware:al10c00
-
cpe:2.3:o:huawei:plk_firmware:al10c92
-
cpe:2.3:o:huawei:rio_firmware:al00c00