CVE-2018-7976
Description
There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop.
Risk Information
Base Score
5.4
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.094
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2018-7976 are affected in espace_desktop 300r001c50 | NCM |
| Vulnerabilities CVE-2018-7976 are affected in espace_desktop 300r001c00 | NCM |
| Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability (CVE-2018-7976) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234