Vulnerabilities > Advantech > Webaccess > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-11 | CVE-2021-34540 | Cross-site Scripting vulnerability in Advantech Webaccess 8.4.2/8.4.4 Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. | 6.1 |
| 2018-10-31 | CVE-2018-15707 | Cross-site Scripting vulnerability in Advantech Webaccess 8.3.1/8.3.2 Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. | 5.4 |
| 2018-10-31 | CVE-2018-15706 | Path Traversal vulnerability in Advantech Webaccess 8.3.1/8.3.2 WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API. | 6.5 |
| 2018-10-31 | CVE-2018-15705 | Path Traversal vulnerability in Advantech Webaccess 8.3.1/8.3.2 WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. | 6.5 |
| 2018-10-22 | CVE-2018-15703 | Cross-site Scripting vulnerability in Advantech Webaccess Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. | 6.1 |
| 2018-05-15 | CVE-2018-10591 | Session Fixation vulnerability in Advantech products In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users. | 6.1 |
| 2018-01-12 | CVE-2017-16732 | Use After Free vulnerability in Advantech Webaccess A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. | 6.5 |
| 2017-11-06 | CVE-2017-14016 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. | 6.3 |
| 2017-05-02 | CVE-2016-5810 | Information Exposure vulnerability in Advantech Webaccess upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. | 4.9 |
| 2016-06-25 | CVE-2016-4528 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file. | 5.0 |