CVE-2015-3948

Name of the Vulnerable Software and Affected Versions Advantech WebAccess versions prior to 8.1

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors due to inadequate protection of the web page structure during authentication. The exploitation of this issue may enable a remote attacker to inject arbitrary web scripts or HTML code because of incorrect filtering of user-input data.

Recommendations For Advantech WebAccess versions prior to 8.1, update to version 8.1 or later to resolve the issue.