// For flags

CVE-2020-29021

Scripting tag chars < > not filtered in input fields could cause Cross-Site Scripting (XSS)

Severity Score

4.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in web UI input field of GateManager allows authenticated attacker to enter script tags that could cause XSS. This issue affects: GateManager all versions prior to 9.3.

Una vulnerabilidad en el campo de entrada de la interfaz de Usuario Web de GateManager, permite a un atacante autenticado ingresar etiquetas de script que podrĂ­an causar un ataque de tipo XSS.&#xa0;Este problema afecta a: GateManager todas las versiones anteriores a 9.3

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-11-24 CVE Reserved
  • 2021-02-08 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://www.secomea.com/support/cybersecurity-advisory 2021-02-11
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Secomea
Search vendor "Secomea"
 Gatemanager 8250 Firmware
Search vendor "Secomea" for product "Gatemanager 8250 Firmware"
 < 9.3
Search vendor "Secomea" for product "Gatemanager 8250 Firmware" and version " < 9.3"
-
Affected
in Secomea
Search vendor "Secomea"
 Gatemanager 8250
Search vendor "Secomea" for product "Gatemanager 8250"
--
Safe
Secomea
Search vendor "Secomea"
 Gatemanager 4250 Firmware
Search vendor "Secomea" for product "Gatemanager 4250 Firmware"
*-
Affected
in Secomea
Search vendor "Secomea"
 Gatemanager 4250
Search vendor "Secomea" for product "Gatemanager 4250"
--
Safe
Secomea
Search vendor "Secomea"
 Gatemanager 4260 Firmware
Search vendor "Secomea" for product "Gatemanager 4260 Firmware"
*-
Affected
in Secomea
Search vendor "Secomea"
 Gatemanager 4260
Search vendor "Secomea" for product "Gatemanager 4260"
--
Safe
Secomea
Search vendor "Secomea"
 Gatemanager 9250 Firmware
Search vendor "Secomea" for product "Gatemanager 9250 Firmware"
*-
Affected
in Secomea
Search vendor "Secomea"
 Gatemanager 9250
Search vendor "Secomea" for product "Gatemanager 9250"
--
Safe