Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versions prior to 9.7.
References
Link | Resource |
---|---|
https://www.secomea.com/support/cybersecurity-advisory/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
History
11 May 2022, 19:01
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
CPE | cpe:2.3:h:secomea:sitemanager_3349:-:*:*:*:*:*:*:* cpe:2.3:o:secomea:sitemanager_1149_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:secomea:sitemanager_1139:-:*:*:*:*:*:*:* cpe:2.3:h:secomea:sitemanager_3529:-:*:*:*:*:*:*:* cpe:2.3:h:secomea:sitemanager_1149:-:*:*:*:*:*:*:* cpe:2.3:h:secomea:sitemanager_3329:-:*:*:*:*:*:*:* cpe:2.3:o:secomea:sitemanager_3329_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:secomea:sitemanager_3339:-:*:*:*:*:*:*:* cpe:2.3:h:secomea:sitemanager_1129:-:*:*:*:*:*:*:* cpe:2.3:o:secomea:sitemanager_1139_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:secomea:sitemanager_3539_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:secomea:sitemanager_1129_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:secomea:sitemanager_3539:-:*:*:*:*:*:*:* cpe:2.3:o:secomea:sitemanager_3549_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:secomea:sitemanager_3349_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:secomea:sitemanager_3549:-:*:*:*:*:*:*:* cpe:2.3:o:secomea:sitemanager_3529_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:secomea:sitemanager_3339_firmware:*:*:*:*:*:*:*:* |
|
First Time |
Secomea sitemanager 3529 Firmware
Secomea sitemanager 1139 Secomea sitemanager 3329 Secomea sitemanager 1129 Firmware Secomea sitemanager 3329 Firmware Secomea Secomea sitemanager 1149 Secomea sitemanager 3549 Firmware Secomea sitemanager 1139 Firmware Secomea sitemanager 1149 Firmware Secomea sitemanager 1129 Secomea sitemanager 3349 Firmware Secomea sitemanager 3349 Secomea sitemanager 3339 Secomea sitemanager 3339 Firmware Secomea sitemanager 3539 Secomea sitemanager 3529 Secomea sitemanager 3539 Firmware Secomea sitemanager 3549 |
|
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 4.8 |
References | (MISC) https://www.secomea.com/support/cybersecurity-advisory/ - Vendor Advisory |
04 May 2022, 15:35
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-04 14:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-25784
Mitre link : CVE-2022-25784
CVE.ORG link : CVE-2022-25784
JSON object : View
Products Affected
secomea
- sitemanager_3329_firmware
- sitemanager_3529
- sitemanager_3349_firmware
- sitemanager_3349
- sitemanager_1139_firmware
- sitemanager_3529_firmware
- sitemanager_3549_firmware
- sitemanager_3339_firmware
- sitemanager_3539
- sitemanager_3329
- sitemanager_1149_firmware
- sitemanager_1139
- sitemanager_3339
- sitemanager_1149
- sitemanager_3539_firmware
- sitemanager_3549
- sitemanager_1129_firmware
- sitemanager_1129
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')