CVE-2021-34540

Name of the Vulnerable Software and Affected Versions: Advantech WebAccess versions 8.4.2 through 8.4.4

Description: The issue allows for cross-site scripting (XSS) attacks via the username column of the "bwRoot.asp" page of WADashboard. This occurs because the application does not properly validate user input, allowing an attacker to inject malicious scripts.

Recommendations: For Advantech WebAccess versions 8.4.2 through 8.4.4, consider restricting access to the bwRoot.asp page of WADashboard until a patch is available. As a temporary workaround, avoid using the username column in the affected page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.