Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-11-15	CVE-2021-42703	Cross-site Scripting vulnerability in Advantech Webaccess HMI Designer 2.1.7.32 This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action. network low complexity advantech CWE-79	6.1
2020-08-06	CVE-2020-16211	Out-of-bounds Read vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31 Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. local low complexity advantech CWE-125	5.5