Advantech WebAccess HMI Designer is a human-machine interface integrated development tool from Advantech of Taiwan, China. A cross-site scripting vulnerability exists in versions prior to Advantech WebAccess HMI Designer 2.1.11.0, which stems from a lack of effective filtering and escaping of user-submitted parameters. An attacker could use the vulnerability to send malicious Javascript code to hijack the user’s cookie session token, redirect the user to a malicious web page, and perform unexpected browser actions.
CPE | Name | Operator | Version |
---|---|---|---|
Advantech WebAccess HMI Designer <2. | eq | 1.11.0 |