Vulnerabilities > Advantech > Webaccess > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-11 | CVE-2021-34540 | Cross-site Scripting vulnerability in Advantech Webaccess 8.4.2/8.4.4 Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. | 4.3 |
| 2020-05-08 | CVE-2020-12026 | Path Traversal vulnerability in Advantech Webaccess Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. | 6.5 |
| 2020-05-08 | CVE-2020-12018 | Out-of-bounds Read vulnerability in Advantech Webaccess Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. | 5.0 |
| 2020-05-08 | CVE-2020-12014 | SQL Injection vulnerability in Advantech Webaccess Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. | 5.0 |
| 2020-05-08 | CVE-2020-12010 | Path Traversal vulnerability in Advantech Webaccess Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. | 5.8 |
| 2020-04-01 | CVE-2019-3942 | Insufficiently Protected Credentials vulnerability in Advantech Webaccess 8.3.4 Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. | 5.0 |
| 2020-03-27 | CVE-2020-10607 | Out-of-bounds Write vulnerability in Advantech Webaccess In Advantech WebAccess, Versions 8.4.2 and prior. | 6.5 |
| 2019-09-18 | CVE-2019-13556 | Out-of-bounds Write vulnerability in Advantech Webaccess In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. | 6.5 |
| 2019-09-18 | CVE-2019-13552 | Command Injection vulnerability in Advantech Webaccess In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution. | 6.5 |
| 2019-04-09 | CVE-2019-3941 | Missing Authentication for Critical Function vulnerability in Advantech Webaccess 8.3.4 Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. | 6.4 |