Vulnerability Details CVE-2021-29661
Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.8%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
Products affected by CVE-2021-29661
-
cpe:2.3:a:softing:opc_toolbox:-
-
cpe:2.3:a:softing:opc_toolbox:4.10.1.13035