Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store javascript for later execution. This issue affects: Secomea SiteManager Version 9.6.621421014 and all prior versions.
References
Link | Resource |
---|---|
https://www.secomea.com/support/cybersecurity-advisory/#5017 | Not Applicable Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
History
12 Mar 2022, 04:02
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
First Time |
Secomea sitemanager 1139 Firmware
Secomea sitemanager 1129 Secomea sitemanager 1139 Secomea sitemanager 3339 Secomea sitemanager 3539 Firmware Secomea sitemanager 3339 Firmware Secomea sitemanager 3549 Firmware Secomea sitemanager 3529 Firmware Secomea sitemanager 3329 Secomea sitemanager 1129 Firmware Secomea sitemanager 3549 Secomea sitemanager 1149 Secomea Secomea sitemanager 3539 Secomea sitemanager 3529 Secomea sitemanager 3349 Firmware Secomea sitemanager 1149 Firmware Secomea sitemanager 3329 Firmware Secomea sitemanager 3349 |
|
CWE | CWE-79 | |
CPE | cpe:2.3:o:secomea:sitemanager_1139_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:secomea:sitemanager_1139:-:*:*:*:*:*:*:* cpe:2.3:o:secomea:sitemanager_3529_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:secomea:sitemanager_1149:-:*:*:*:*:*:*:* cpe:2.3:o:secomea:sitemanager_1149_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:secomea:sitemanager_3329_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:secomea:sitemanager_1129:-:*:*:*:*:*:*:* cpe:2.3:o:secomea:sitemanager_1129_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:secomea:sitemanager_3349:-:*:*:*:*:*:*:* cpe:2.3:h:secomea:sitemanager_3539:-:*:*:*:*:*:*:* cpe:2.3:h:secomea:sitemanager_3339:-:*:*:*:*:*:*:* cpe:2.3:o:secomea:sitemanager_3349_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:secomea:sitemanager_3329:-:*:*:*:*:*:*:* cpe:2.3:h:secomea:sitemanager_3549:-:*:*:*:*:*:*:* cpe:2.3:o:secomea:sitemanager_3539_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:secomea:sitemanager_3529:-:*:*:*:*:*:*:* cpe:2.3:o:secomea:sitemanager_3549_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:secomea:sitemanager_3339_firmware:*:*:*:*:*:*:*:* |
|
References | (MISC) https://www.secomea.com/support/cybersecurity-advisory/#5017 - Not Applicable, Vendor Advisory |
10 Mar 2022, 17:55
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-10 17:42
Updated : 2023-12-10 14:22
NVD link : CVE-2021-32005
Mitre link : CVE-2021-32005
CVE.ORG link : CVE-2021-32005
JSON object : View
Products Affected
secomea
- sitemanager_3329_firmware
- sitemanager_3529
- sitemanager_3349_firmware
- sitemanager_3349
- sitemanager_1139_firmware
- sitemanager_3529_firmware
- sitemanager_3549_firmware
- sitemanager_3339_firmware
- sitemanager_3539
- sitemanager_3329
- sitemanager_1149_firmware
- sitemanager_1139
- sitemanager_3339
- sitemanager_1149
- sitemanager_3539_firmware
- sitemanager_3549
- sitemanager_1129_firmware
- sitemanager_1129
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')