CVE-2021-21800
Description
Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site scripting (XSS) vulnerability in Advantech R-SeeNet 2.4.12 ssh_form.php allows arbitrary JavaScript execution via crafted URL.
Vulnerability
The ssh_form.php script in Advantech R-SeeNet v 2.4.12 (20.10.2020) accepts a hostname parameter via HTTP GET request without sanitization. The parameter is embedded directly into the HTML title and a `` tag, enabling reflected XSS. [1]
Exploitation
An attacker can craft a URL containing malicious JavaScript in the hostname parameter. The victim must visit the crafted URL. No authentication is required. Example: `GET /php/ssh_form.php?hostname=%3C/title%3E%3Cscript%3Ealert(1)%3C/script%3E%3Ctitle%3E` [1]
Impact
Successful exploitation leads to arbitrary JavaScript execution in the victim's browser within the context of the R-SeeNet application. This can result in data theft, session hijacking, or further attacks. The CVSS score is 9.6 (Critical). [1]
Mitigation
As of the reference date, no fix was available. Users should restrict access to the application or apply input validation as a workaround. Check with the vendor for updates. [1]
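One way to apply the input-validation workaround in front of the application, for example in a filtering proxy or an access-log review, is an allow-list on the hostname parameter. This is an added example, not R-SeeNet or vendor code; the function names, the combined-style log format, and the assumption that legitimate values are host names or IP addresses are all assumptions of the example.

```python
import ipaddress
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: legitimate hostname values are RFC 1123 host names or IP literals.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*\Z")
# ipaddress accepts IPv6 zone ids ("addr%anything"), so restrict characters first.
_IP_CHARS_RE = re.compile(r"[0-9A-Fa-f:.]+\Z")
# Request target inside a combined-format access log entry (assumed log format).
_REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def is_valid_host(value: str) -> bool:
    """Allow-list check: True only for an IP literal or an RFC 1123 host name."""
    if _IP_CHARS_RE.match(value):
        try:
            ipaddress.ip_address(value)
            return True
        except ValueError:
            pass
    return len(value) <= 253 and _HOSTNAME_RE.match(value) is not None


def check_request(target: str) -> str:
    """Classify a request target as 'ignore', 'allow' or 'block'."""
    url = urlsplit(target)
    if "/ssh_form.php" not in unquote(url.path).lower():
        return "ignore"
    # parse_qs percent-decodes values, so encoded markup is checked in clear form.
    values = parse_qs(url.query, keep_blank_values=True).get("hostname", [])
    # Default deny (assumption): exactly one well-formed value, no duplicates.
    if len(values) == 1 and is_valid_host(values[0]):
        return "allow"
    return "block"


def scan_log(lines):
    """Return (line_number, target) for every log line that check_request blocks."""
    targets = ((n, _REQUEST_RE.search(line)) for n, line in enumerate(lines, 1))
    return [(n, m.group(1)) for n, m in targets if m and check_request(m.group(1)) == "block"]


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2021:10:00:00 +0000] "GET /php/ssh_form.php?hostname=router-01.example.net HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2021:10:00:05 +0000] "GET /php/ssh_form.php?hostname=%3C/title%3E%3Cscript%3Ealert(1)%3C/script%3E%3Ctitle%3E HTTP/1.1" 200 540',
    '192.0.2.12 - - [01/Jan/2021:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 1024',
]
```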
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Advantech/R-SeeNet (description)
Patches
No patches discovered yet.
References
[1] talosintelligence.com/vulnerability_reports/TALOS-2021-1271 (mitre, x_refsource_MISC)