CVE-2016-4575
Description
Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.116
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2016-4575 are affected in ath_firmware ul00c00 | NCM |
| Vulnerabilities CVE-2016-4575 are affected in ath_firmware tl00hc01 | NCM |
| Vulnerabilities CVE-2016-4575 are affected in ath_firmware cl00c92 | NCM |
| Vulnerabilities CVE-2016-4575 are affected in ath_firmware al00c00 | NCM |
| Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability (CVE-2016-4575) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234