CNNVD-202511-506 Information
CNNVD ID
CNNVD-202511-506
Related CVE
- CNNVD Published: 2025-11-06
Description (Chinese)
Advantech WebAccess/VPN是中国台湾研华(Advantech)公司的一款高级网络安全平台。 Advantech WebAccess/VPN 1.1.5之前版本存在安全漏洞,该漏洞源于StandaloneVpnClientsController.addStandaloneVpnClientAction函数对用户输入验证不足,可能导致存储型跨站脚本攻击。
Description (English)
Advantech WebAccess/VPN is a high-level network security platform for the company Advantech. A security loophole existed in the pre-Advantech WebAccess/VPN 1.1.5 version, which originated in the Standalone VpnClitsController.addStandaloneVpnClitaction function, which did not have sufficient proof of user input and could lead to a storage-type cross-site script attack.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
研华
Published
2025-11-06
Last Modified
2026-02-24
References
https://icr.advantech.com/download/software https://icr.advantech.com/support/router-models/download/511/sa-2025-01-vpn-portal-2025-11-06.pdf https://www.vulncheck.com/advisories/advantech-webaccess-vpn-stored-xss-via-standalonevpnclientscontroller
Patch
https://icr.advantech.com/download/software
Share on: