ID

VAR-201906-0056


CVE

CVE-2019-5286


TITLE

HedEx Lite vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-005470

DESCRIPTION

There is a reflected XSS vulnerability in the HedEx products. Remote attackers send malicious links to users and trick them into clicking. Successful exploitation could allow the attacker to initiate XSS attacks. Affects HedEx Lite versions earlier than V200R006C00SPC007. HedEx Lite contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Huawei HedEx Lite is a product document manager from the Chinese company Huawei. This product supports functions such as product document download, management and reading. The vulnerability stems from the lack of correct validation of client data in web applications.

Trust: 1.8

sources: NVD: CVE-2019-5286 // JVNDB: JVNDB-2019-005470 // VULHUB: VHN-156721 // VULMON: CVE-2019-5286

AFFECTED PRODUCTS

vendor: huawei, model: hedex lite, scope: lt, version: v200r006c00spc007

Trust: 1.8

sources: JVNDB: JVNDB-2019-005470 // NVD: CVE-2019-5286

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5286
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5286
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201906-241
value: MEDIUM

Trust: 0.6

VULHUB: VHN-156721
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-5286
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-5286
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-156721
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-5286
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-156721 // VULMON: CVE-2019-5286 // JVNDB: JVNDB-2019-005470 // CNNVD: CNNVD-201906-241 // NVD: CVE-2019-5286

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-156721 // JVNDB: JVNDB-2019-005470 // NVD: CVE-2019-5286

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-241

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201906-241

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005470

PATCH

title: huawei-sa-20190605-01-hedex
url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190605-01-hedex-en

Trust: 0.8

title: Huawei HedEx Lite Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93330

Trust: 0.6

title: Huawei Security Advisories: Security Advisory - XSS Vulnerability in Huawei HedEx products
url: https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=d6e8c8ef1c8308b3f8fc98905fd5ed88

Trust: 0.1

title: -
url: https://github.com/happyhacking-k/happyhacking-k

Trust: 0.1

sources: VULMON: CVE-2019-5286 // JVNDB: JVNDB-2019-005470 // CNNVD: CNNVD-201906-241

EXTERNAL IDS

db: NVD, id: CVE-2019-5286

Trust: 2.6

db: JVNDB, id: JVNDB-2019-005470

Trust: 0.8

db: CNNVD, id: CNNVD-201906-241

Trust: 0.7

db: VULHUB, id: VHN-156721

Trust: 0.1

db: VULMON, id: CVE-2019-5286

Trust: 0.1

sources: VULHUB: VHN-156721 // VULMON: CVE-2019-5286 // JVNDB: JVNDB-2019-005470 // CNNVD: CNNVD-201906-241 // NVD: CVE-2019-5286

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190605-01-hedex-en

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2019-5286

Trust: 1.4

url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190605-01-hedex-cn

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5286

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/happyhacking-k/happyhacking-k

Trust: 0.1

sources: VULHUB: VHN-156721 // VULMON: CVE-2019-5286 // JVNDB: JVNDB-2019-005470 // CNNVD: CNNVD-201906-241 // NVD: CVE-2019-5286

SOURCES

db: VULHUB, id: VHN-156721
db: VULMON, id: CVE-2019-5286
db: JVNDB, id: JVNDB-2019-005470
db: CNNVD, id: CNNVD-201906-241
db: NVD, id: CVE-2019-5286

LAST UPDATE DATE

2024-11-23T22:51:44.886000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-156721, date: 2019-06-14T00:00:00
db: VULMON, id: CVE-2019-5286, date: 2019-06-14T00:00:00
db: JVNDB, id: JVNDB-2019-005470, date: 2019-06-20T00:00:00
db: CNNVD, id: CNNVD-201906-241, date: 2019-06-17T00:00:00
db: NVD, id: CVE-2019-5286, date: 2024-11-21T04:44:40.467

SOURCES RELEASE DATE

db: VULHUB, id: VHN-156721, date: 2019-06-13T00:00:00
db: VULMON, id: CVE-2019-5286, date: 2019-06-13T00:00:00
db: JVNDB, id: JVNDB-2019-005470, date: 2019-06-20T00:00:00
db: CNNVD, id: CNNVD-201906-241, date: 2019-06-05T00:00:00
db: NVD, id: CVE-2019-5286, date: 2019-06-13T16:29:01.670