Advantech WebAccess Stored Cross-Site Scripting

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.

Synopsis :

The remote host is affected by a stored cross-site scripting

Description :

The remote host has a version of Advantech WebAccess prior to version
7.1-2013.05.29 (which is reported by installs using the
'7.1-2013.05.30' installer package from the vendor). It is, therefore,
affected by a stored cross-site scripting vulnerability in the
'ProjDesc' parameter of the '/broadWeb/include/gAddNew.asp' script.

See also :

Solution :

Upgrade to Advantech WebAccess version 7.1-2013.05.29 (contained in
7.1-2013.05.30 installer package) or higher.

Risk factor :

Low / CVSS Base Score : 3.5
CVSS Temporal Score : 3.3
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 73642 ()

Bugtraq ID: 57178

CVE ID: CVE-2013-2299