TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

Smart eVision - Stored XSS

TVN ID: TVN-202209008
CVE ID: CVE-2022-39035
CVSS: 6.1 (Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products: Smart eVision ver.2022.02.21
Description: Smart eVision insufficiently filters special characters in the POST data parameter of a specific function. An unauthenticated remote attacker can inject JavaScript to perform a Stored XSS (Cross-Site Scripting) attack.
Solution: Update Smart eVision to version 2022.06.16
Credit: Gary Tan, Zac Wang (Talent-Jump)
Public Date: 2022-09-28