SecPod Research Team member (Antu Sanadi) has found Persistence Cross-Site Scripting Vulnerability in Advantech WebAccess HMI/SCADA. The vulnerability is caused by improper validation ‘ProjDesc’ parameter in ‘broadWeb/include/gAddNew.asp’ (when tableName=pProject set). This may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. […]

Read More →