Vulnerabilities > Advantech > Webaccess Scada > 8.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-18 | CVE-2021-27436 | Cross-site Scripting vulnerability in Advantech Webaccess/Scada WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions. | 4.3 |
| 2021-02-23 | CVE-2020-25161 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Advantech Webaccess/Scada The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator. | 6.5 |
| 2019-02-05 | CVE-2019-6523 | SQL Injection vulnerability in Advantech Webaccess/Scada 8.3 WebAccess/SCADA, Version 8.3. | 7.5 |
| 2019-02-05 | CVE-2019-6521 | Improper Authentication vulnerability in Advantech Webaccess/Scada 8.3 WebAccess/SCADA, Version 8.3. | 7.5 |
| 2019-02-05 | CVE-2019-6519 | Improper Authentication vulnerability in Advantech Webaccess/Scada 8.3 WebAccess/SCADA, Version 8.3. | 7.5 |