CVE-2013-2299 – Advantech Webaccess HMI/SCADA Software - Persistence Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2013-2299

Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en Advantech WebAccess (anteriormente BroadWin WebAccess) anterior a v7.1 2013.05.30 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores no especificados. • https://www.exploit-db.com/exploits/23968 http://ics-cert.us-cert.gov/advisories/ICSA-13-225-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •