CVE-2020-29021

LOW

Secomea GateManager < 9.3 - Authenticated Stored Cross-Site Scripting via Web UI Input Field

Title source: llm
STIX 2.1

Description

A vulnerability in web UI input field of GateManager allows authenticated attacker to enter script tags that could cause XSS. This issue affects: GateManager all versions prior to 9.3.

References (1)

Core 1
Core References

Scores

CVSS v3 3.5
EPSS 0.0065
EPSS Percentile 46.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

Details

CWE
CWE-20 CWE-79
Status published
Products (4)
secomea/gatemanager_4250_firmware
secomea/gatemanager_4260_firmware
secomea/gatemanager_8250_firmware < 9.3
secomea/gatemanager_9250_firmware
Published Feb 08, 2021
Tracked Since Feb 18, 2026