CVE-2015-2347

Name of the Vulnerable Software and Affected Versions Huawei SEQ Analyst versions prior to V200R002C03LG0001CP0022

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the command XML element in the req parameter to "flexdata.action" in various directories, including "common/", "monitor/", or "psnpm/", or the module XML element in the req parameter to "flexdata.action" in "monitor/".

Recommendations For versions prior to V200R002C03LG0001CP0022, update to V200R002C03LG0001CP0022 or later to resolve the issue. As a temporary workaround, consider restricting access to the "flexdata.action" endpoint in the affected directories until a patch is applied. Avoid using the req parameter with untrusted input in the "flexdata.action" endpoint until the issue is resolved.