CVE-2021-21800

Name of the Vulnerable Software and Affected Versions Advantech R-SeeNet version 2.4.12

Description The issue exists in the ssh form.php script functionality, allowing for cross-site scripting vulnerabilities. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability, potentially allowing a remote attacker to execute arbitrary code.

Recommendations For Advantech R-SeeNet version 2.4.12, consider disabling the ssh form.php script functionality until a patch is available to prevent exploitation. Restrict access to the vulnerable script to minimize the risk of arbitrary JavaScript code execution. Avoid using crafted URLs that could trigger this issue until the vulnerability is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.