Skip to main content

Advantech Webaccess CVE-2012-0233

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2012-02-21 cret@cert.org
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 21, 2012 - 13:31 cve.org
MEDIUM 4.3

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL.

AnalysisAI

Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. Affected products include: Advantech Advantech Webaccess. Version information: before 7.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2014-0763 HIGH POC
7.5 Apr 12

An attacker using SQL injection may use arguments to construct queries without proper sanitization. Rated high severity

CVE-2014-2364 HIGH POC
7.5 Jul 19

Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code

CVE-2012-0242 CRITICAL POC
10.0 Feb 21

Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code

CVE-2012-0241 MEDIUM POC
5.0 Feb 21

Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a m

CVE-2012-0243 CRITICAL
10.0 Feb 21

Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers

CVE-2012-0238 CRITICAL
10.0 Feb 21

Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute

CVE-2012-0240 CRITICAL
10.0 Feb 21

GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remo

CVE-2014-2366 CRITICAL
9.0 Jul 19

upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTM

CVE-2014-0768 HIGH
7.5 Apr 12

An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buff

CVE-2014-0767 HIGH
7.5 Apr 12

An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control.

CVE-2014-0766 HIGH
7.5 Apr 12

An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer o

CVE-2014-0765 HIGH
7.5 Apr 12

To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. Rated high severity (CVSS 7

Share

CVE-2012-0233 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy