CVE-2021-29661

Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it.
References
Link | Resource
https://www.gruppotim.it/redteam | Exploit, Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:softing:opc_toolbox:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:01

Type | Values Removed | Values Added
References | () https://www.gruppotim.it/redteam - Exploit, Third Party Advisory | () https://www.gruppotim.it/redteam - Exploit, Third Party Advisory

Information

Published : 2021-04-02 19:15

Updated : 2024-11-21 06:01


NVD link : CVE-2021-29661

Mitre link : CVE-2021-29661

CVE.ORG link : CVE-2021-29661


Products Affected

softing

  • opc_toolbox
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')