CVE-2022-39035

Smart eVision has insufficient filtering for special characters in the POST Data parameter in the specific function. An unauthenticated remote attacker can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt