CVE-2020-29025

Published: Feb 16, 2021Modified: Jun 17, 2026

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

A vulnerability in SiteManager-Embedded (SM-E) Web server which may allow attacker to construct a URL that if visited by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application. This issue affects all versions and variants of SM-E prior to version 9.3

Affected (1)

Products: Secomea: Sitemanager Embedded

1 product

Sitemanager Embedded

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Secomea Sitemanager Embedded	Before 9.2c

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://www.secomea.com/support/cybersecurity-advisory/#3042

Source: VulnerabilityReporting@secomea.com

Vendor Advisory

https://www.secomea.com/support/cybersecurity-advisory/#3042

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.