DIALink Cross-Site Scripting Vulnerability

DIALink is a device networking platform from Delta Electronics that allows effective management of CNC machines and PLC-controlled machines, collects field device data and interfaces with the upper management platform through a unified interface, and provides visual information to reflect process parameters and device operating status. scripting vulnerability. An attacker can use this vulnerability to inject arbitrary JavaScript code into the deviceName parameter of the API modbusWriter-Reader and execute the code remotely.