Vulnerabilities > CVE-2021-33001 - Unspecified vulnerability in Xarrow 7.2

047910
CVSS 6.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
xarrow

Summary

xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code.

Vulnerable Configurations

Part Description Count
Application
Xarrow
1