CVE-2018-15707

Description

Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things.

Affected products

• Advantech / Advantech WebAccess8.3.1 and 8.3.2 – 8.3.1 and 8.3.2

References

• EXPLOIThttps://www.exploit-db.com/exploits/45774/
• MISChttps://www.tenable.com/security/research/tra-2018-35