CVE-2016-4575

Name of the Vulnerable Software and Affected Versions Huawei PLK smartphones versions AL10C00 through AL10C00B211 Huawei PLK smartphones versions AL10C92 through AL10C92B211 Huawei ATH smartphones versions AL00C00 through AL00C00B361 Huawei ATH smartphones versions CL00C92 through CL00C92B361 Huawei ATH smartphones versions TL00HC01 through TL00HC01B361 Huawei ATH smartphones versions UL00C00 through UL00C00B361 Huawei CherryPlus smartphones versions TL00C00 through TL00C00B553 Huawei CherryPlus smartphones versions UL00C00 through UL00C00B553 Huawei CherryPlus smartphones versions TL00MC01 through TL00MC01B553 Huawei RIO smartphones versions AL00C00 through AL00C00B360

Description A cross-site scripting (XSS) issue exists in the email application of certain Huawei smartphones, allowing remote attackers to inject arbitrary web script or HTML via an email message.

Recommendations For Huawei PLK smartphones versions AL10C00 through AL10C00B211, update to version AL10C00B211 or later. For Huawei PLK smartphones versions AL10C92 through AL10C92B211, update to version AL10C92B211 or later. For Huawei ATH smartphones versions AL00C00 through AL00C00B361, update to version AL00C00B361 or later. For Huawei ATH smartphones versions CL00C92 through CL00C92B361, update to version CL00C92B361 or later. For Huawei ATH smartphones versions TL00HC01 through TL00HC01B361, update to version TL00HC01B361 or later. For Huawei ATH smartphones versions UL00C00 through UL00C00B361, update to version UL00C00B361 or later. For Huawei CherryPlus smartphones versions TL00C00 through TL00C00B553, update to version TL00C00B553 or later. For Huawei CherryPlus smartphones versions UL00C00 through UL00C00B553, update to version UL00C00B553 or later. For Huawei CherryPlus smartphones versions TL00MC01 through TL00MC01B553, update to version TL00MC01B553 or later. For Huawei RIO smartphones versions AL00C00 through AL00C00B360, update to version AL00C00B360 or later.