PT-2019-4381 · Huawei · Hedex Lite
Kai Zhao
·
Published
2019-06-05
·
Updated
2019-06-14
·
CVE-2019-5286
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
HedEx Lite versions earlier than V200R006C00SPC007
Description
The issue is related to a reflection XSS vulnerability in HedEx products, where remote attackers can send malicious links to users, tricking them into clicking, which can initiate XSS attacks. The vulnerability is also described as being related to the failure to protect the web page structure, allowing a remote attacker to perform cross-site scripting attacks using a malicious link.
Recommendations
For HedEx Lite versions earlier than V200R006C00SPC007, update to version V200R006C00SPC007 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages or links to minimize the risk of exploitation. Avoid using links from untrusted sources in the affected HedEx Lite versions until the issue is resolved.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hedex Lite