Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versions prior to 9.7.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HSecomea Sitemanager 1129
HWSecomeawszystkie wersjeSecomea Sitemanager 1129 Firmware
OSSecomea< 9.7.622134021Secomea Sitemanager 1139
HWSecomeawszystkie wersjeSecomea Sitemanager 1139 Firmware
OSSecomea< 9.7.622134021Secomea Sitemanager 1149
HWSecomeawszystkie wersjeSecomea Sitemanager 1149 Firmware
OSSecomea< 9.7.622134021Secomea Sitemanager 3329
HWSecomeawszystkie wersjeSecomea Sitemanager 3329 Firmware
OSSecomea< 9.7.622134021Secomea Sitemanager 3339
HWSecomeawszystkie wersjeSecomea Sitemanager 3339 Firmware
OSSecomea< 9.7.622134021Secomea Sitemanager 3349
HWSecomeawszystkie wersjeSecomea Sitemanager 3349 Firmware
OSSecomea< 9.7.622134021Secomea Sitemanager 3529
HWSecomeawszystkie wersjeSecomea Sitemanager 3529 Firmware
OSSecomea< 9.7.622134021Secomea Sitemanager 3539
HWSecomeawszystkie wersjeSecomea Sitemanager 3539 Firmware
OSSecomea< 9.7.622134021Secomea Sitemanager 3549
HWSecomeawszystkie wersjeSecomea Sitemanager 3549 Firmware
OSSecomea< 9.7.622134021
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
XSS
Related vulnerabilities
CVE-2022-38124MEDIUM5.7ten sam produkt
Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manne...
CVE-2021-32010MEDIUM5.6ten sam produkt
Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may...
CVE-2022-25785MEDIUM6.6ten sam produkt
Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary cod...
CVE-2021-32005MEDIUM6.5ten sam produkt
Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store j...
CVE-2020-29027MEDIUM5.4ten sam produkt
Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager could allow an attacker to cause an XSS...