Skip to main content

Webaccess CVE-2015-3948

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2016-01-15 ics-cert@hq.dhs.gov
5.4
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jan 15, 2016 - 03:59 cve.org
MEDIUM 5.4

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

AnalysisAI

Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Affected products include: Advantech Webaccess. Version information: before 8.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2016-0854 CRITICAL POC
9.8 Jan 15

Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess

CVE-2016-0856 CRITICAL
9.8 Jan 15

Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code

CVE-2014-9208 CRITICAL POC
10.0 Sep 11

Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attacker

CVE-2017-14016 MEDIUM POC
6.3 Nov 06

A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated medium

CVE-2016-5810 MEDIUM POC
4.9 May 02

upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive

CVE-2019-3951 CRITICAL POC
9.8 Dec 12

Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of

CVE-2019-3975 CRITICAL POC
9.8 Sep 10

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbi

CVE-2019-3954 CRITICAL POC
9.8 Jun 19

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbi

CVE-2019-3953 CRITICAL POC
9.8 Jun 18

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbi

CVE-2018-6911 CRITICAL POC
9.8 Feb 13

The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS

CVE-2018-15704 HIGH POC
8.8 Oct 22

Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. Rated high severity (CVSS 8.

CVE-2019-3941 HIGH POC
7.5 Apr 09

Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. Rated

Share

CVE-2015-3948 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy