Cross site request forgery (csrf)

A local file inclusion LFI vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability...

Code injection

This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...

CVE-2021-21803

Advantech R‑SeeNet’s device_graph_page.php has multiple reflected XSS vulnerabilities (CVE-2021-21803) via parameters such as is2sim, graph, and device_id. Exploitation can execute arbitrary JavaScript in the victim’s browser, even without authentication. Affected version noted in sources around ...

CVE-2021-21802

Advantech R-SeeNet is affected by CVE-2021-21802 in the device_graph_page.php script. The vulnerability is a cross-site scripting (XSS) issue triggered when attacker-controlled input (graph, device_id, is2sim) is unsafely embedded in HTML output, enabling arbitrary JavaScript execution in the vic...

CVE-2021-21801

CVE-2021-21801 affects Advantech R-SeeNet and targets the device_graph_page.php script, specifically the graph parameter. The NVD/Nuclei/Talos sources describe a cross-site scripting vulnerability that can lead to arbitrary JavaScript execution in the victim’s browser when a user visits a crafted...

CVE-2021-21804

Advantech R-SeeNet v2.4.12 contains a local file inclusion (LFI) in options.php where unsanitized user input ($sub_opt) is passed to include, enabling arbitrary PHP code execution. The TALOS writeup confirms an exploitable path via crafted HTTP requests (example uses php://filter to read config.i...

CVE-2021-21804

A local file inclusion LFI vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability...

CVE-2021-21800

Cross-site scripting vulnerabilities exist in the sshform.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a craft...

CVE-2021-21800

CVE-2021-21800 affects Advantech R-SeeNet 2.4.12 (ssh_form.php). It is a reflected cross-site scripting vulnerability that allows arbitrary JavaScript execution in the context of the targeted user’s browser when visiting a crafted URL. Documented impact includes potential exposure of administrato...

CVE-2021-21799

Advantech R-SeeNet 2.4.12 is affected by a reflected XSS in telnet_form.php. The issue arises from improper input handling in telnet_form.php, enabling arbitrary script execution in the victim’s browser when a crafted URL is visited. Nuclei templates describe the vulnerability as a reflected XSS;...

CVE-2021-21799

Cross-site scripting vulnerabilities exist in the telnetform.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a...

Advantech R-SeeNet Cross-Site Scripting Vulnerability (CNVD-2021-92259)

Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.A cross-site scripting vulnerability exists in Advantech R-SeeNet. The vulnerability stems fr...

PT-2021-14787 · Advantech · Advantech R-Seenet

Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet version 2.4.12 Description: A local file inclusion LFI vulnerability exists in the options.php script functionality. A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted...

Advantech R-SeeNet File Inclusion Vulnerability

Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet suffers from a file inclusion vulnerability, which stems from the failure ...

Advantech R-SeeNet ping.php OS Command Injection Vulnerability

Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the snmp protocol for monitoring platforms, and is available for Linux and Windows platforms.An OS command injection vulnerability exists in Advantech R-SeeNet ping.php, which stems fro...

PT-2021-14784 · Advantech · Advantech R-Seenet

Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet affected versions not specified Description: The issue is present in the device graph page.php script, part of the Advantech R-SeeNet web applications. It allows arbitrary JavaScript code execution when a victim visits a...

PT-2021-14785 · Advantech · Advantech R-Seenet

Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet affected versions not specified Description: The issue is present in the device graph page.php script, part of the Advantech R-SeeNet web applications. It allows arbitrary JavaScript code execution when a victim visits a...

PT-2021-14786 · Advantech · Advantech R-Seenet

Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet affected versions not specified Description: The issue is related to the device graph page.php script in Advantech R-SeeNet web applications. It allows an attacker to execute arbitrary JavaScript code by crafting a special...

Advantech R-SeeNet Cross-Site Scripting Vulnerability

Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.A cross-site scripting vulnerability exists in Advantech R-SeeNet, which stems from the lack ...

Advantech R-SeeNet telnet_form.php Cross-Site Scripting Vulnerability

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet telnetform.php in v2.4.12 contains a cross-site scripting vulnerability tha...