First published: Fri Jun 01 2018(Updated: )
There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei eSpace Desktop | =300r001c00 | |
Huawei eSpace Desktop | =300r001c50 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-7976 is considered a high severity vulnerability due to its potential for exploitation via stored cross-site scripting.
To fix CVE-2018-7976, update Huawei eSpace Desktop to the latest versions that contain patches for this vulnerability.
CVE-2018-7976 affects Huawei eSpace Desktop versions V300R001C00 and V300R001C50.
Yes, an authenticated remote attacker can exploit CVE-2018-7976 to perform an XSS attack.
CVE-2018-7976 is categorized as a stored cross-site scripting (XSS) vulnerability.