There is a XSS injection vulnerability in iMaster NCE-Fabric V100R019C10. A module of the client does not verify the input sufficiently. Attackers can exploit this vulnerability by modifying input after logging onto the client. This may compromise the normal service of the client.
References
Link | Resource |
---|---|
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210324-01-xss-en | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
24 Nov 2021, 21:43
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
References | (MISC) https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210324-01-xss-en - Vendor Advisory | |
CWE | CWE-79 | |
CPE | cpe:2.3:o:huawei:imaster_nce-fabric_firmware:v100r019c10:*:*:*:*:*:*:* cpe:2.3:h:huawei:imaster_nce-fabric:-:*:*:*:*:*:*:* |
23 Nov 2021, 15:24
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-11-23 15:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-22410
Mitre link : CVE-2021-22410
CVE.ORG link : CVE-2021-22410
JSON object : View
Products Affected
huawei
- imaster_nce-fabric_firmware
- imaster_nce-fabric
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')