ID

VAR-201806-1712


CVE

CVE-2018-7976


TITLE

Huawei eSpace Desktop vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-005605

DESCRIPTION

There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop versions V300R001C00 and V300R001C50. Due to insufficient validation of input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform an XSS attack. A successful exploit could cause eSpace Desktop to hang; the function returns to normal after eSpace Desktop is restarted. Huawei eSpace Desktop is a communication PC client based on the eSpace unified communication solution from Huawei (China). It provides business applications such as instant messaging, status presentation, personal address book, VoIP calls, video calls, file transfer, voice conferencing, and data conferencing. The vulnerability is caused by insufficient input validation in the program.

Trust: 1.71

sources: NVD: CVE-2018-7976 // JVNDB: JVNDB-2018-005605 // VULHUB: VHN-138008

AFFECTED PRODUCTS

vendor: huawei // model: espace desktop // scope: eq // version: 300r001c50

Trust: 1.6

vendor: huawei // model: espace desktop // scope: eq // version: 300r001c00

Trust: 1.6

vendor: huawei // model: espace desktop // scope: eq // version: v300r001c00

Trust: 0.8

vendor: huawei // model: espace desktop // scope: eq // version: v300r001c50

Trust: 0.8

sources: JVNDB: JVNDB-2018-005605 // CNNVD: CNNVD-201806-137 // NVD: CVE-2018-7976

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7976
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-7976
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201806-137
value: LOW

Trust: 0.6

VULHUB: VHN-138008
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-7976
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-138008
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7976
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-138008 // JVNDB: JVNDB-2018-005605 // CNNVD: CNNVD-201806-137 // NVD: CVE-2018-7976

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-138008 // JVNDB: JVNDB-2018-005605 // NVD: CVE-2018-7976

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-137

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201806-137

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005605

PATCH

title: huawei-sa-20180530-01-xss // url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-xss-en

Trust: 0.8

title: Huawei eSpace Desktop Fixes for cross-site scripting vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80494

Trust: 0.6

sources: JVNDB: JVNDB-2018-005605 // CNNVD: CNNVD-201806-137

EXTERNAL IDS

db: NVD // id: CVE-2018-7976

Trust: 2.5

db: JVNDB // id: JVNDB-2018-005605

Trust: 0.8

db: CNNVD // id: CNNVD-201806-137

Trust: 0.7

db: VULHUB // id: VHN-138008

Trust: 0.1

sources: VULHUB: VHN-138008 // JVNDB: JVNDB-2018-005605 // CNNVD: CNNVD-201806-137 // NVD: CVE-2018-7976

REFERENCES

url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-xss-en

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7976

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-7976

Trust: 0.8

sources: VULHUB: VHN-138008 // JVNDB: JVNDB-2018-005605 // CNNVD: CNNVD-201806-137 // NVD: CVE-2018-7976

SOURCES

db: VULHUB // id: VHN-138008
db: JVNDB // id: JVNDB-2018-005605
db: CNNVD // id: CNNVD-201806-137
db: NVD // id: CVE-2018-7976

LAST UPDATE DATE

2024-11-23T22:17:27.430000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-138008 // date: 2018-07-05T00:00:00
db: JVNDB // id: JVNDB-2018-005605 // date: 2018-07-24T00:00:00
db: CNNVD // id: CNNVD-201806-137 // date: 2018-06-04T00:00:00
db: NVD // id: CVE-2018-7976 // date: 2024-11-21T04:13:01.847

SOURCES RELEASE DATE

db: VULHUB // id: VHN-138008 // date: 2018-06-01T00:00:00
db: JVNDB // id: JVNDB-2018-005605 // date: 2018-07-24T00:00:00
db: CNNVD // id: CNNVD-201806-137 // date: 2018-06-04T00:00:00
db: NVD // id: CVE-2018-7976 // date: 2018-06-01T14:29:00.927