CVE-2013-2299

Advantech WebAccess < 7.1 - Authenticated Cross-Site Scripting

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-2299. PoCs published by SecPod Research.

AI-analyzed exploit summary This is a writeup detailing a stored XSS vulnerability in Advantech WebAccess HMI/SCADA Software. The vulnerability allows an authenticated attacker to inject arbitrary HTML and script code via the 'ProjDesc' parameter in 'broadWeb/include/gAddNew.asp'.

Description

Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Exploits (1)

exploitdb WRITEUP
by SecPod Research · textwebappsasp
https://www.exploit-db.com/exploits/23968

This is a writeup detailing a stored XSS vulnerability in Advantech WebAccess HMI/SCADA Software. The vulnerability allows an authenticated attacker to inject arbitrary HTML and script code via the 'ProjDesc' parameter in 'broadWeb/include/gAddNew.asp'.

Classification
Writeup 100%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Advantech WebAccess HMI/SCADA Software 7.0-2012.12.05
Auth required
Prerequisites: Authenticated access to the project management interface
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
US Government Resource x_refsource_misc
http://ics-cert.us-cert.gov/advisories/ICSA-13-225-01

Scores

EPSS 0.0144
EPSS Percentile 70.0%

Details

CWE
CWE-79
Status published
Products (3)
advantech/advantech_webaccess 5.0
advantech/advantech_webaccess 6.0
advantech/advantech_webaccess < 7.0
Published Aug 22, 2013
Tracked Since Feb 18, 2026