CVE-2020-29025 MEDIUM

CVE-2020-29025: DOM-based Javascript injection

Vendor Secomea

Product SiteManager Embedded (SM-E)

Weakness CWE-79 · XSS

Published February 16, 2021

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

Description

A vulnerability in SiteManager-Embedded (SM-E) Web server which may allow attacker to construct a URL that if visited by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application. This issue affects all versions and variants of SM-E prior to version 9.3

Key dates

Disclosure timeline

February 16, 2021 CVE published

September 16, 2024 Record updated