CVE-2013-2299
Advantech WebAccess < 7.1 - Authenticated Cross-Site Scripting
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-2299. PoCs published by SecPod Research.
AI-analyzed exploit summary This is a writeup detailing a stored XSS vulnerability in Advantech WebAccess HMI/SCADA Software. The vulnerability allows an authenticated attacker to inject arbitrary HTML and script code via the 'ProjDesc' parameter in 'broadWeb/include/gAddNew.asp'.
Description
Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Exploits (1)
This is a writeup detailing a stored XSS vulnerability in Advantech WebAccess HMI/SCADA Software. The vulnerability allows an authenticated attacker to inject arbitrary HTML and script code via the 'ProjDesc' parameter in 'broadWeb/include/gAddNew.asp'.