CVE-2022-25784

Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versions prior to 9.7.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
SecomeaCNA
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
secomeasitemanager_1129_firmware
𝑥
< 9.7.622134021
secomeasitemanager_1139_firmware
𝑥
< 9.7.622134021
secomeasitemanager_1149_firmware
𝑥
< 9.7.622134021
secomeasitemanager_3329_firmware
𝑥
< 9.7.622134021
secomeasitemanager_3339_firmware
𝑥
< 9.7.622134021
secomeasitemanager_3349_firmware
𝑥
< 9.7.622134021
secomeasitemanager_3529_firmware
𝑥
< 9.7.622134021
secomeasitemanager_3539_firmware
𝑥
< 9.7.622134021
secomeasitemanager_3549_firmware
𝑥
< 9.7.622134021
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.secomea.com/support/cybersecurity-advisory/
https://www.secomea.com/support/cybersecurity-advisory/