CVE-2016-5850

{"id": "CVE-2016-5850", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2016-07-12T19:59:08.583", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160629-01-publiccloud-en", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/91513", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the volume backup service module in Huawei Public Cloud Solution before 1.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de XSS en el m\u00f3dulo de servicio de copia de seguridad de volumen en Huawei Public Cloud Solution en versiones anteriores a 1.0.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrario a trav\u00e9s de vectores no especificados."}], "lastModified": "2016-07-14T21:19:08.640", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:huawei:public_cloud_solution:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3215375-0E84-44B8-A85C-5009C7421618", "versionEndIncluding": "1.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}