VYPR
← All advisories
Medium severity6.1NVD Advisory· Published May 25, 2016· Updated May 6, 2026

CVE-2016-4575

CVE-2016-4575

Description

Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message.

Affected products

12
  • Huawei/Ath
    cpe:2.3:h:huawei:ath:-:*:*:*:*:*:*:*
  • Huawei/Cherryplus
    cpe:2.3:h:huawei:cherryplus:-:*:*:*:*:*:*:*
  • Huawei/Ath Firmware4 versions
    cpe:2.3:o:huawei:ath_firmware:al00c00:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:huawei:ath_firmware:al00c00:*:*:*:*:*:*:*
    • cpe:2.3:o:huawei:ath_firmware:cl00c92:*:*:*:*:*:*:*
    • cpe:2.3:o:huawei:ath_firmware:tl00hc01:*:*:*:*:*:*:*
    • cpe:2.3:o:huawei:ath_firmware:ul00c00:*:*:*:*:*:*:*
  • Huawei/Cherryplus Firmware3 versions
    cpe:2.3:o:huawei:cherryplus_firmware:tl00c00:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:huawei:cherryplus_firmware:tl00c00:*:*:*:*:*:*:*
    • cpe:2.3:o:huawei:cherryplus_firmware:tl00mc01:*:*:*:*:*:*:*
    • cpe:2.3:o:huawei:cherryplus_firmware:ul00c00:*:*:*:*:*:*:*
  • Huawei/Plk Firmware2 versions
    cpe:2.3:o:huawei:plk_firmware:al10c00:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:huawei:plk_firmware:al10c00:*:*:*:*:*:*:*
    • cpe:2.3:o:huawei:plk_firmware:al10c92:*:*:*:*:*:*:*
  • Huawei/Rio Firmware
    cpe:2.3:o:huawei:rio_firmware:al00c00:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.