The advisory describes a vulnerability in SME Server 9.2, which lets an unauthenticated attackers perform XSS attack in web management portal that leads to remote code execution as root. SME Server is a Linux distribution for small and medium enterprises by Koozali foundation.