ID

VAR-201607-0462


CVE

CVE-2016-5850


TITLE

Huawei Public Cloud Solution Volume backup service module cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-003755

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the volume backup service module in Huawei Public Cloud Solution before 1.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Huawei Public Cloud Solution is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Huawei Public Cloud Solution is a set of public cloud solutions from the Chinese company Huawei.

Trust: 2.07

sources: NVD: CVE-2016-5850 // JVNDB: JVNDB-2016-003755 // BID: 91513 // VULHUB: VHN-94670 // VULMON: CVE-2016-5850

AFFECTED PRODUCTS

vendor: huawei, model: public cloud solution, scope: lte, version: 1.0.0

Trust: 1.0

vendor: huawei, model: public cloud solution, scope: lt, version: 1.0.5

Trust: 0.8

vendor: huawei, model: public cloud solution, scope: eq, version: 1.0.0

Trust: 0.6

sources: JVNDB: JVNDB-2016-003755 // NVD: CVE-2016-5850 // CNNVD: CNNVD-201606-683

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-5850
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-201606-683
value: LOW

Trust: 0.6

VULHUB: VHN-94670
value: LOW

Trust: 0.1

VULMON: CVE-2016-5850
value: LOW

Trust: 0.1

NVD:
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2016-5850
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

VULHUB: VHN-94670
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.0

NVD: CVE-2016-5850
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-94670 // VULMON: CVE-2016-5850 // JVNDB: JVNDB-2016-003755 // NVD: CVE-2016-5850 // CNNVD: CNNVD-201606-683

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-94670 // JVNDB: JVNDB-2016-003755 // NVD: CVE-2016-5850

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-683

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201606-683

CONFIGURATIONS

sources: NVD: CVE-2016-5850

PATCH

title: huawei-sa-20160629-01-publiccloud, url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160629-01-publiccloud-en

Trust: 0.8

title: Huawei Public Cloud Solution Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62590

Trust: 0.6

sources: JVNDB: JVNDB-2016-003755 // CNNVD: CNNVD-201606-683

EXTERNAL IDS

db: NVD, id: CVE-2016-5850

Trust: 2.9

db: BID, id: 91513

Trust: 2.1

db: JVNDB, id: JVNDB-2016-003755

Trust: 0.8

db: CNNVD, id: CNNVD-201606-683

Trust: 0.7

db: VULHUB, id: VHN-94670

Trust: 0.1

db: VULMON, id: CVE-2016-5850

Trust: 0.1

sources: VULHUB: VHN-94670 // VULMON: CVE-2016-5850 // BID: 91513 // JVNDB: JVNDB-2016-003755 // NVD: CVE-2016-5850 // CNNVD: CNNVD-201606-683

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160629-01-publiccloud-en

Trust: 2.1

url:http://www.securityfocus.com/bid/91513

Trust: 1.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5850

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5850

Trust: 0.8

url:http://www.huawei.com

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-94670 // VULMON: CVE-2016-5850 // BID: 91513 // JVNDB: JVNDB-2016-003755 // NVD: CVE-2016-5850 // CNNVD: CNNVD-201606-683

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 91513

SOURCES

db: VULHUB, id: VHN-94670
db: VULMON, id: CVE-2016-5850
db: BID, id: 91513
db: JVNDB, id: JVNDB-2016-003755
db: NVD, id: CVE-2016-5850
db: CNNVD, id: CNNVD-201606-683

LAST UPDATE DATE

2023-12-18T13:48:47.177000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-94670, date: 2016-07-14T00:00:00
db: VULMON, id: CVE-2016-5850, date: 2016-07-14T00:00:00
db: BID, id: 91513, date: 2016-06-29T00:00:00
db: JVNDB, id: JVNDB-2016-003755, date: 2016-07-20T00:00:00
db: NVD, id: CVE-2016-5850, date: 2016-07-14T21:19:08.640
db: CNNVD, id: CNNVD-201606-683, date: 2016-07-13T00:00:00

SOURCES RELEASE DATE

db: VULHUB, id: VHN-94670, date: 2016-07-12T00:00:00
db: VULMON, id: CVE-2016-5850, date: 2016-07-12T00:00:00
db: BID, id: 91513, date: 2016-06-29T00:00:00
db: JVNDB, id: JVNDB-2016-003755, date: 2016-07-20T00:00:00
db: NVD, id: CVE-2016-5850, date: 2016-07-12T19:59:08.583
db: CNNVD, id: CNNVD-201606-683, date: 2016-06-29T00:00:00