PT-2025-45353 · Advantech · Advantech Webaccess/Vpn
Alex Williams
·
Published
2025-10-31
·
Updated
2025-11-06
·
CVE-2025-34236
CVSS v2.0
8.5
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
Advantech WebAccess/VPN versions prior to 1.1.5
Description
Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) issue via the
NetworksController.addNetworkAction() function. Insufficient validation or escaping of user-supplied input could allow an attacker to inject and execute arbitrary script in the context of a victim’s browser.Recommendations
Update Advantech WebAccess/VPN to version 1.1.5 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Advantech Webaccess/Vpn