ethancsyang

2 exploits Active since Jun 2021
CVE-2021-34540 WRITEUP MEDIUM WRITEUP
Advantech WebAccess 8.4.2 and 8.4.4 - Cross-Site Scripting via WADashboard Username Column
Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard.
CVSS 6.1
CVE-2021-34683 WRITEUP MEDIUM WRITEUP
E-document System 3.0 - Info Disclosure
An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-document System 3.0. A remote attacker can use kw/auth/bbs/asp/get_user_email_info_bbs.asp to obtain the contact information (name and e-mail address) of everyone in the entire organization. This information can allow remote attackers to perform social engineering or brute force attacks against the system login page.
CVSS 5.3