Description
This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Affected products
- Advantech / HMI DesignerAll versions – 2.1.11.0
References
- VENDOR_ADVISORYhttps://us-cert.cisa.gov/ics/advisories/icsa-21-173-01