CVE-2021-26829
MEDIUM KEVScadabr < 0.9.1 - XSS
Title source: ruleDescription
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.
References (4)
Scores
CVSS v3
5.4
EPSS
0.0694
EPSS Percentile
91.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CISA KEV
2025-11-28
VulnCheck KEV
2025-10-09
ENISA EUVD
EUVD-2021-13614
CWE
CWE-79
Status
published
Products (1)
scadabr/scadabr
< 0.9.1
Published
Jun 11, 2021
KEV Added
Nov 28, 2025
Tracked Since
Feb 18, 2026