First published: Tue Feb 16 2021
A vulnerability in the SiteManager-Embedded (SM-E) web server may allow an attacker to construct a URL that, if visited by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application. This issue affects all versions and variants of SM-E prior to version 9.3.
Credit: VulnerabilityReporting@secomea.com
Affected Software | Affected Version | How to fix |
---|---|---|
Secomea SiteManager | <9.2c | |
CVE-2020-29025 is a vulnerability in the SiteManager-Embedded (SM-E) Web server that allows an attacker to execute JavaScript code within a user's browser.
CVE-2020-29025 has a severity rating of 6.1, which is considered medium.
Secomea SiteManager Embedded versions up to, but excluding, 9.2c are affected by CVE-2020-29025.
An attacker can exploit CVE-2020-29025 by constructing a malicious URL that, when visited by another application user, executes the attacker's JavaScript code in the user's browser.
For the fix, please refer to the official Secomea SiteManager Embedded support page.