Medium severity5.4NVD Advisory· Published Apr 2, 2021· Updated Jun 17, 2026
CVE-2021-29661
CVE-2021-29661
Description
Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it.
Affected products
2- Softing AG/OPC Toolboxdescription
- Range: <=4.10.1.13035
Patches
Vulnerability mechanics
References
1- www.gruppotim.it/redteamnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.