CVE-2013-2299
published 2013-08-22CVE-2013-2299: Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject…
PriorityP416low3.5CVSS 2.0
AVNACMAuSCNIPAN
EXPLOIT
EPSS
1.50%
71.1th percentile
Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | advantech_webaccess | <= 7.0 | — |
| advantech | advantech_webaccess | — | — |
| advantech | advantech_webaccess | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-gpjv-wgw8-rr4m: Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7
ghsa_unreviewed·2022-05-17
CVE-2013-2299 [LOW] CWE-79 GHSA-gpjv-wgw8-rr4m: Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7
Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CISA ICS
Advantech WebAccess Cross-Site Scripting
cisa_ics·2013-01-09
Advantech WebAccess Cross-Site Scripting
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Advantech WebAccess Cross-Site Scripting
Last RevisedMarch 12, 2014
Alert CodeICSA-13-225-01
## OVERVIEW
This advisory is a follow-up to the alert titled ICS-ALERT-13-009-01 Advantech WebAccess Cross-Site Scripting that was published January 9, 2013, on the ICS-CERT Web page. This advisory provides mitigation details for a vulnerability in Advantech’s WebAccess application.
Independent researcher Sanadi Antu identified a cross-site scripting vulnerability and released proof-of-concept (exploit) code for Advantech WebAccess application without coordination with ICS-CERT, the ven
No detection rules found.
No writeups or analysis indexed.
2013-08-22
Published