Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-29660 | 1 Softing | 1 Opc Toolbox | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker. | |||||
CVE-2021-29661 | 1 Softing | 1 Opc Toolbox | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it. |