Advantech WebAccess Stored Cross-Site Scripting

Low Nessus Plugin ID 73642


The remote host is affected by a stored cross-site scripting vulnerability.


The remote host has a version of Advantech WebAccess prior to version 7.1-2013.05.29 (which is reported by installs using the '7.1-2013.05.30' installer package from the vendor). It is, therefore, affected by a stored cross-site scripting vulnerability in the 'ProjDesc' parameter of the '/broadWeb/include/gAddNew.asp' script.


Upgrade to Advantech WebAccess version 7.1-2013.05.29 (contained in the 7.1-2013.05.30 installer package) or higher.

Plugin Details

Severity: Low

ID: 73642

File Name: scada_advantech_webaccess_7_1_2013_05_29.nbin

Version: $Revision: 1.44 $

Type: remote

Family: SCADA

Published: 2014/04/14

Modified: 2018/06/15

Dependencies: 73645

Risk Information

Risk Factor: Low


Base Score: 3.5

Temporal Score: 3.3

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:advantech:webaccess

Required KB Items: www/scada_advantech_webaccess

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/08/13

Vulnerability Publication Date: 2013/01/08

Reference Information

CVE: CVE-2013-2299

BID: 57178, 57227

EDB-ID: 23968

ICSA: 13-225-01

ICS-ALERT: 13-009-01