CVE-2021-42703

Summary

This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action.

Affected Software

VendorProductVersion RangeStatus
AdvantechHMI DesignerAll versions <= 2.1.11.0affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

Workarounds

Advantech recommends users update to the latest version of WebAccess HMI Designer v2.1.11.0

Specific questions should be directed to Advantech customer service

ADP Enrichment

CVE Program Container

Additional References

References