Vulnerabilities > Secomea > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-04 | CVE-2022-25787 | Information Exposure vulnerability in Secomea products Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. | 6.7 |
| 2022-03-11 | CVE-2021-32009 | Cross-site Scripting vulnerability in Secomea Gatemanager 9.6.621421014 Cross-site Scripting (XSS) vulnerability in firmware section of Secomea GateManager allows logged in user to inject javascript in browser session. | 6.1 |
| 2022-03-10 | CVE-2021-32005 | Cross-site Scripting vulnerability in Secomea products Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store javascript for later execution. | 5.4 |
| 2022-03-10 | CVE-2021-32006 | Incorrect Default Permissions vulnerability in Secomea Gatemanager 9.6.621421014 This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. | 4.3 |
| 2021-11-22 | CVE-2021-32004 | Unspecified vulnerability in Secomea Gatemanager 8250 Firmware This issue affects: Secomea GateManager All versions prior to 9.6. | 5.3 |
| 2021-08-05 | CVE-2021-32003 | Insufficiently Protected Credentials vulnerability in Secomea Sitemanager Firmware Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. | 5.5 |
| 2021-03-05 | CVE-2020-29029 | Cross-site Scripting vulnerability in Secomea Gatemanager Firmware Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary javascript code. | 6.1 |
| 2021-03-05 | CVE-2020-29028 | Cross-site Scripting vulnerability in Secomea Gatemanager Firmware Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. | 6.1 |
| 2021-02-16 | CVE-2020-29027 | Cross-site Scripting vulnerability in Secomea products Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager could allow an attacker to cause an XSS Attack. | 5.4 |
| 2021-02-16 | CVE-2020-29025 | Cross-site Scripting vulnerability in Secomea Sitemanager Embedded A vulnerability in SiteManager-Embedded (SM-E) Web server which may allow attacker to construct a URL that if visited by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application. | 6.1 |