MEDIUM✓ PATCH🇬🇧 English

CVE-2021-32005

CVSS 6.5v3.1pub. 2022-03-10upd. 2024-11-21

Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store javascript for later execution. This issue affects: Secomea SiteManager Version 9.6.621421014 and all prior versions.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
  • Secomea Sitemanager 1129

    HW
    Secomea
    wszystkie wersje
  • Secomea Sitemanager 1129 Firmware

    OS
    Secomea
    < 9.6.621421014
  • Secomea Sitemanager 1139

    HW
    Secomea
    wszystkie wersje
  • Secomea Sitemanager 1139 Firmware

    OS
    Secomea
    < 9.6.621421014
  • Secomea Sitemanager 1149

    HW
    Secomea
    wszystkie wersje
  • Secomea Sitemanager 1149 Firmware

    OS
    Secomea
    < 9.6.621421014
  • Secomea Sitemanager 3329

    HW
    Secomea
    wszystkie wersje
  • Secomea Sitemanager 3329 Firmware

    OS
    Secomea
    < 9.6.621421014
  • Secomea Sitemanager 3339

    HW
    Secomea
    wszystkie wersje
  • Secomea Sitemanager 3339 Firmware

    OS
    Secomea
    < 9.6.621421014
  • Secomea Sitemanager 3349

    HW
    Secomea
    wszystkie wersje
  • Secomea Sitemanager 3349 Firmware

    OS
    Secomea
    < 9.6.621421014
  • Secomea Sitemanager 3529

    HW
    Secomea
    wszystkie wersje
  • Secomea Sitemanager 3529 Firmware

    OS
    Secomea
    < 9.6.621421014
  • Secomea Sitemanager 3539

    HW
    Secomea
    wszystkie wersje
  • Secomea Sitemanager 3539 Firmware

    OS
    Secomea
    < 9.6.621421014
  • Secomea Sitemanager 3549

    HW
    Secomea
    wszystkie wersje
  • Secomea Sitemanager 3549 Firmware

    OS
    Secomea
    < 9.6.621421014
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2022-25784CRITICAL9.1ten sam produkt

Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. ...

CVE-2022-38124MEDIUM5.7ten sam produkt

Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manne...

CVE-2021-32010MEDIUM5.6ten sam produkt

Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may...

CVE-2022-25785MEDIUM6.6ten sam produkt

Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary cod...

CVE-2020-29027MEDIUM5.4ten sam produkt

Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager could allow an attacker to cause an XSS...