Softing: >> Opc Toolbox Security Vulnerabilities
Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-04-02
A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-04-02