Vulnerabilities > Advantech > Webaccess Scada > 8.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-18 | CVE-2021-27436 | Cross-site Scripting vulnerability in Advantech Webaccess/Scada WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions. | 6.1 |
| 2021-02-23 | CVE-2020-25161 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Advantech Webaccess/Scada The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator. | 8.8 |
| 2018-01-25 | CVE-2018-5445 | Path Traversal vulnerability in Advantech Webaccess/Scada A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. | 5.3 |
| 2018-01-25 | CVE-2018-5443 | SQL Injection vulnerability in Advantech Webaccess/Scada A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. | 5.3 |