Unrated severityNVD Advisory· Published May 16, 2022· Updated Apr 16, 2025

xArrow SCADA Cross-site Scripting

CVE-2021-33001

Description

xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code.

Affected products

Elipse/SCADAllm-fuzzy
Range: <=7.2
xArrow/xArrow SCADAv5
Range: unspecified

Patches

Vulnerability mechanics

References

www.cisa.gov/uscert/ics/advisories/icsa-21-229-03mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000