CRITICAL✓ PATCH🇬🇧 English

CVE-2022-25784

CVSS 9.1v3.1pub. 2022-05-04upd. 2024-11-21

Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versions prior to 9.7.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Secomea Sitemanager 1129

    HW
    Secomea
    wszystkie wersje
  • Secomea Sitemanager 1129 Firmware

    OS
    Secomea
    < 9.7.622134021
  • Secomea Sitemanager 1139

    HW
    Secomea
    wszystkie wersje
  • Secomea Sitemanager 1139 Firmware

    OS
    Secomea
    < 9.7.622134021
  • Secomea Sitemanager 1149

    HW
    Secomea
    wszystkie wersje
  • Secomea Sitemanager 1149 Firmware

    OS
    Secomea
    < 9.7.622134021
  • Secomea Sitemanager 3329

    HW
    Secomea
    wszystkie wersje
  • Secomea Sitemanager 3329 Firmware

    OS
    Secomea
    < 9.7.622134021
  • Secomea Sitemanager 3339

    HW
    Secomea
    wszystkie wersje
  • Secomea Sitemanager 3339 Firmware

    OS
    Secomea
    < 9.7.622134021
  • Secomea Sitemanager 3349

    HW
    Secomea
    wszystkie wersje
  • Secomea Sitemanager 3349 Firmware

    OS
    Secomea
    < 9.7.622134021
  • Secomea Sitemanager 3529

    HW
    Secomea
    wszystkie wersje
  • Secomea Sitemanager 3529 Firmware

    OS
    Secomea
    < 9.7.622134021
  • Secomea Sitemanager 3539

    HW
    Secomea
    wszystkie wersje
  • Secomea Sitemanager 3539 Firmware

    OS
    Secomea
    < 9.7.622134021
  • Secomea Sitemanager 3549

    HW
    Secomea
    wszystkie wersje
  • Secomea Sitemanager 3549 Firmware

    OS
    Secomea
    < 9.7.622134021
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2022-38124MEDIUM5.7ten sam produkt

Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manne...

CVE-2021-32010MEDIUM5.6ten sam produkt

Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may...

CVE-2022-25785MEDIUM6.6ten sam produkt

Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary cod...

CVE-2021-32005MEDIUM6.5ten sam produkt

Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store j...

CVE-2020-29027MEDIUM5.4ten sam produkt

Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager could allow an attacker to cause an XSS...