CVE-2018-15707

Name of the Vulnerable Software and Affected Versions Advantech WebAccess versions 8.3.1 through 8.3.2

Description The issue is related to insufficient protection of the web page structure, allowing for cross-site scripting attacks. An attacker could leverage this to disclose credentials, amongst other things. The vulnerability is specifically found in the Bwmainleft.asp page.

Recommendations For Advantech WebAccess versions 8.3.1 and 8.3.2, consider restricting access to the Bwmainleft.asp page until a fix is available. As a temporary workaround, avoid using the Bwmainleft.asp page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.