CVE-2021-35956
Description
Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in AKCP sensorProbe before SP480-20210624 allows authenticated attackers to inject arbitrary JavaScript via sensor description and other fields.
Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in the embedded webserver of AKCP sensorProbe devices prior to firmware version SP480-20210624. The vulnerability affects the Sensor Description, Email (from/to/cc), System Name, and System Location fields, which do not properly sanitize user input [1].
Exploitation
An attacker must have valid authenticated access to the sensorProbe web interface. The attacker can then inject arbitrary JavaScript into any of the vulnerable fields. When an administrator or other user views the affected page, the injected script executes in the context of the victim's session [1].
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's browser. This can lead to session hijacking, defacement, or theft of sensitive information. The attack is persistent (stored) and affects all users who view the injected content [1].
Mitigation
AKCP has released firmware version SP480-20210624 to address this vulnerability. All users should update to this version or later. No workarounds are documented; updating is the recommended solution [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- AKCP/sensorProbe
- Range: < SP480-20210624
Patches
No patches discovered yet.
References
- packetstormsecurity.com/files/163343/AKCP-sensorProbe-SPX476-Cross-Site-Scripting.html (mitre, x_refsource_MISC)
- www.akcp.in.th/downloads/Firmwares/SP480-20210624.zip (mitre, x_refsource_MISC)
- tbutler.org/2021/06/28/cve-2021-35956 (mitre, x_refsource_MISC)
- www.akcp.com/support-center/customer-login/sensor-probe-firmware-changelog/ (mitre, x_refsource_MISC)
News mentions
No linked articles in our index yet.