CVE-2021-21799
Description
Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site scripting in Advantech R-SeeNet v2.4.12 telnet_form.php allows arbitrary JavaScript execution via crafted URL.
Vulnerability
The telnet_form.php script in Advantech R-SeeNet v2.4.12 (20.10.2020) contains a cross-site scripting (XSS) vulnerability in the hostname parameter. The parameter is taken directly from the HTTP GET request without sanitization and embedded into the HTML `` tag on line 44, allowing injection of arbitrary JavaScript. [1]
Exploitation
An attacker can craft a URL with a malicious hostname parameter, such as ``, and trick a user into visiting it. No authentication or special network position is required beyond the victim's browser accessing the vulnerable R-SeeNet instance. [1]
Impact
Successful exploitation allows arbitrary JavaScript execution in the context of the victim's browser, potentially leading to session hijacking, credential theft, or other actions with the same privileges as the logged-in user. [1]
Mitigation
As of the publication date, no official fix has been disclosed in the available references. Users should monitor the vendor for updates and consider restricting access to the R-SeeNet web interface or applying a web application firewall rule to block malicious hostname inputs. [1]
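One way to implement the suggested input filtering on the defender's side, as an added example that is not code from the advisory or the vendor: it scans web access logs for telnet_form.php requests whose hostname value is neither an IP literal nor an RFC 1123 hostname. The same allowlist can back a WAF or reverse-proxy rule. The log format (combined), the `/example/` path, the sample lines and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# RFC 1123 hostname: dot-separated labels of letters, digits and hyphens.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*\.?")
_REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def is_plain_host(value: str) -> bool:
    """True only for an IPv4/IPv6 literal or an RFC 1123 hostname."""
    if not value or len(value) > 253:
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return _HOSTNAME.fullmatch(value) is not None


def suspicious_requests(log_lines):
    """Yield (line_no, decoded value) for telnet_form.php requests whose
    hostname parameter fails the allowlist above."""
    for n, line in enumerate(log_lines, 1):
        m = _REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith("/telnet_form.php"):
            continue
        # parse_qs percent-decodes, so encoded markup is checked in decoded form.
        for value in parse_qs(url.query, keep_blank_values=True).get("hostname", []):
            if not is_plain_host(value):
                yield n, value


# Constructed sample log lines (documentation addresses, hypothetical path).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /example/telnet_form.php?hostname=192.0.2.10 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /example/telnet_form.php?hostname=router-1.example.net HTTP/1.1" 200 530',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /example/telnet_form.php?hostname=%22%3E%3Cb%3Etest HTTP/1.1" 200 541',
    '203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] "GET /example/index.php?hostname=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for line_no, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {line_no}: rejected hostname value {value!r}")
```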
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Advantech/R-SeeNet (description)
Patches
No patches discovered yet.
References
[1] talosintelligence.com/vulnerability_reports/TALOS-2021-1270 (mitre, x_refsource_MISC)