CVE-2021-21927

Name of the Vulnerable Software and Affected Versions Advantech R-SeeNet (affected versions not specified)

Description The issue is related to the incorrect handling of the loc filter parameter in the device list component of the Advantech R-SeeNet monitoring software. This can allow a remote attacker to conduct cross-site scripting attacks by sending specially crafted SQL queries. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, which can be done as any authenticated user or through cross-site request forgery at the loc filter parameter.

Recommendations As a temporary workaround, consider disabling the loc filter parameter until a patch is available. Restrict access to the device list component to minimize the risk of exploitation. Avoid using the loc filter parameter in affected HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.