CVE Published: 28/09/2022 |
CVE Updated: 17/09/2024 |
CVE Year: 2022 Source: twcert |
Vendor: Smart eVision Information Technology Inc. |
Product: Smart eVision Status : PUBLISHED
CVE-2022-39035 Description
Smart eVision has insufficient filtering for special characters in the POST Data parameter in the specific function. An unauthenticated remote attacker can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack.
Metrics
CVSS Version: 3.1 |
Base Score: 6.1 MEDIUM Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N