Advantech · EKI-1522 · CVE-2023-4202
**Name of the Vulnerable Software and Affected Versions**
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21
**Description**
The issue is a Stored Cross-Site Scripting vulnerability. An authenticated user can trigger it through the `device name` field of the web interface. The vulnerability exists due to inadequate protection of the web page structure, which may allow a remote attacker to conduct cross-site scripting attacks.
**Recommendations**
For Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21, consider disabling the web interface or restricting access to the `device name` field until a patch is available. Avoid using the `device name` field in the web interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
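
Until a fix exists, one check an operator can run is an audit of the device names already stored across a fleet. The following is an added example, not code from Advantech or from this advisory. It flags names that fall outside an allowlist and shows the HTML-encoded form a page would need to emit. The allowlist pattern, the inventory layout and the sample values are assumptions constructed for illustration.

```python
import html
import re

# Assumed allowlist: letters, digits, space, dot, underscore, hyphen, 1-32 chars.
# The firmware's real constraints on the field are not stated in the advisory.
SAFE_NAME = re.compile(r"[A-Za-z0-9 ._-]{1,32}")

# Characters that can change HTML structure if a name is written unencoded.
MARKUP_CHARS = set("<>\"'&`")


def is_safe_device_name(name: str) -> bool:
    """True only if the whole name matches the allowlist."""
    return SAFE_NAME.fullmatch(name) is not None


def encode_for_html(name: str) -> str:
    """Encode a name for HTML text or a quoted attribute value."""
    return html.escape(name, quote=True)


def audit(inventory: dict[str, str]) -> list[dict]:
    """Return one finding per device whose stored name fails the allowlist."""
    findings = []
    for host, name in sorted(inventory.items()):
        if is_safe_device_name(name):
            continue
        findings.append({
            "host": host,
            "name": name,
            "markup_chars": sorted(MARKUP_CHARS & set(name)),
            "encoded": encode_for_html(name),
        })
    return findings


# Constructed sample: management address -> device name read from each unit.
SAMPLE = {
    "192.0.2.10": "EKI-1522-line3",
    "192.0.2.11": "<b>pump-house</b>",
    "192.0.2.12": 'gw "north" & spare',
}

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['host']}: {f['name']!r} has {f['markup_chars']} -> {f['encoded']}")
```

A flagged name is a reason to review who changed it and to reset it to an allowlisted value, not proof of an attack by itself.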