Vulnerabilities > Advantech > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-31 | CVE-2018-15707 | Cross-site Scripting vulnerability in Advantech Webaccess 8.3.1/8.3.2 Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. | 3.5 |
| 2018-05-15 | CVE-2018-10591 | Session Fixation vulnerability in Advantech products In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users. | 2.6 |
| 2016-06-25 | CVE-2016-4525 | Unspecified vulnerability in Advantech Webaccess Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag. local advantech | 3.3 |
| 2016-01-15 | CVE-2015-3948 | Cross-site Scripting vulnerability in Advantech Webaccess Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2013-08-22 | CVE-2013-2299 | Cross-Site Scripting vulnerability in Advantech Webaccess 5.0/6.0/7.0 Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |