VYPR
Medium severity5.4NVD Advisory· Published Apr 2, 2021· Updated Jun 17, 2026

CVE-2021-29661

CVE-2021-29661

Description

Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.