Advantech WebAccess Stored Cross-Site Scripting

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by a stored cross-site scripting
vulnerability.

Description :

The remote host has a version of Advantech WebAccess prior to version
7.1-2013.05.29 (which is reported by installs using the
'7.1-2013.05.30' installer package from the vendor). It is, therefore,
affected by a stored cross-site scripting vulnerability in the
'ProjDesc' parameter of the '/broadWeb/include/gAddNew.asp' script.

See also :

http://www.nessus.org/u?3bf0becc

Solution :

Upgrade to Advantech WebAccess version 7.1-2013.05.29 (contained in
7.1-2013.05.30 installer package) or higher.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVSS Temporal Score : 3.3
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 73642 ()

Bugtraq ID: 57178
57227

CVE ID: CVE-2013-2299