Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks.
AnalysisAI
The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks. Affected products include: Huawei Uma.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands vi
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands vi
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or imprope
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validati
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validati
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or imprope
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or imprope
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or imprope
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validati
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validati
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validati
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user p
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today