← Back

Opc Toolbox

opc_toolbox

Vendor: Softing • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-29661
1Softing
1Opc Toolbox
Nov 21, 2024
Apr 2, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be trigge...Show more
Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it.Show less
CVE-2021-29660
1Softing
1Opc Toolbox
Nov 21, 2024
Apr 2, 2021
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a...Show more
A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker.Show less