DIALink Cross-Site Scripting Vulnerability (CNVD-2021-84840)

DIALink is a device networking platform from Delta Electronics that allows effective management of CNC machines and PLC-controlled machines, collects field device data and interfaces with the upper management platform through a unified interface, and provides visual information to reflect process parameters and device operating status. scripting vulnerability. An attacker can use this vulnerability to inject arbitrary JavaScript code into the comment parameter of an API event, which allows remote code execution.