CVE-2011-4522
published 2012-02-21CVE-2011-4522: Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or…
PriorityP416medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
0.99%
58.1th percentile
Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | advantech_webaccess | <= 6.0 | — |
| advantech | advantech_webaccess | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Advantech WebAccess Vulnerabilities (UPDATE A)
cisa_ics·2011-11-02
Advantech WebAccess Vulnerabilities (UPDATE A)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Advantech WebAccess Vulnerabilities (UPDATE A)
Last RevisedAugust 27, 2018
Alert CodeICSA-12-047-01A
OVERVIEW
This advisory follows up on two previous ICS-CERT Alerts:
- “ICS-ALERT-11-245-01—Multiple ActiveX Vulnerabilities in Advantech BroadWin WebAccess,” published September 2, 2011.http://ics-cert.us-cert.gov/alerts/ICS-ALERT-11-245-01, ICS-ALERT-11-245-01, website last accessed February 15, 2012.
- “ICS‑ALERT-11-306-01—Advantech BroadWin WebAccess ActiveX Vulnerability,” published November 2, 2011.http://ics-cert.us-cert.gov/alerts/ICS-ALERT-11-306-01, ICS-ALERT-11-306-01,
GHSA
GHSA-qm87-cv6m-g44j: Cross-site scripting (XSS) vulnerability in bwerrdn
ghsa_unreviewed·2022-05-14
CVE-2011-4522 [MEDIUM] CWE-79 GHSA-qm87-cv6m-g44j: Cross-site scripting (XSS) vulnerability in bwerrdn
Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2012-02-21
Published