CVE-2018-15703: XSS
First published: Mon Oct 22 2018(Updated: )
Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Advantech WebOP | <=8.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-15703?
CVE-2018-15703 is considered a medium severity vulnerability due to its potential for reflected cross-site scripting attacks.
How do I fix CVE-2018-15703?
To mitigate CVE-2018-15703, upgrade to a version of Advantech WebAccess that is above 8.3.2 to avoid the reflected XSS vulnerabilities.
What types of attacks are possible with CVE-2018-15703?
CVE-2018-15703 allows remote unauthenticated attackers to perform reflected cross-site scripting attacks.
What software is affected by CVE-2018-15703?
CVE-2018-15703 affects Advantech WebAccess versions 8.3.2 and below.
Can CVE-2018-15703 be exploited without authentication?
Yes, CVE-2018-15703 can be exploited by unauthenticated attackers.
- agent/type
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/advantech
- canonical/advantech webop
- version/advantech webop/8.3.2