Cross-Site Scripting Vulnerability in Advantech WebAccess Products
CVE-2021-34540
6.1MEDIUM
What is CVE-2021-34540?
A Cross-Site Scripting vulnerability exists in Advantech WebAccess versions 8.4.2 and 8.4.4. This issue arises from improper validation of user input in the username field on the bwRoot.asp page of WADashboard, allowing attackers to inject malicious scripts. Exploitation of this vulnerability can lead to a range of attacks, including session hijacking, data theft, and defacement of user interfaces.