CVE-2021-27436

Summary

WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions.

Affected Software

VendorProductVersion RangeStatus
n/aAdvantech WebAccess/SCADAVersions 9.0 and prioraffected

Weaknesses

  • CWE-79: IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79

ADP Enrichment

CVE Program Container

Additional References

References