Vulnerabilities > Softing > OPC Toolbox
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-02 | CVE-2021-29661 | Cross-site Scripting vulnerability in Softing OPC Toolbox Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. | 3.5 |
2021-04-02 | CVE-2021-29660 | Cross-Site Request Forgery (CSRF) vulnerability in Softing OPC Toolbox A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker. | 6.8 |