CVE-2020-29025

Name of the Vulnerable Software and Affected Versions: SiteManager-Embedded (SM-E) versions prior to 9.3

Description: A vulnerability in the SiteManager-Embedded (SM-E) Web server may allow an attacker to construct a URL that, if visited by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

Recommendations: For versions prior to 9.3, update to version 9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the web application to minimize the risk of exploitation. Avoid using URLs that could be manipulated by an attacker to execute malicious JavaScript code.