Stored XSS vulnerability in Softing AG OPC Toolbox through 4.10.1.13035 via /en/diag_values.html
CVE-2021-29661 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it.
Learn more about our User Device Pen Test.