CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-26829

Known Exploited (CISA KEV)MEDIUM
5.4
CVSS Severity Score
EPSS Score65.9690%
EPSS Percentile96.27th
Published2021年6月11日
Last Modified2025年12月1日

Vulnerability Description

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.

Affected Platforms (CPE)

📦
Scadabr

Scadabr

<= 0.9.1
📦
Scadabr

Scadabr

<= 1.12.4

References & Advisories

🔗 http://forum.scadabr.com.br/t/report-falhas-de-seguranca-em-versoes-do-scadabr/3615/4
🔗 https://youtu.be/Xh6LPCiLMa8
🔗 http://forum.scadabr.com.br/t/report-falhas-de-seguranca-em-versoes-do-scadabr/3615/4
🔗 https://youtu.be/Xh6LPCiLMa8
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26829
🔗 https://www.forescout.com/blog/anatomy-of-a-hacktivist-attack-russian-aligned-group-targets-otics/

相關漏洞威脅

CVE-2021-268288.8

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbit...

CVE-2019-163216.1

ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH...

CVE-2019-163446.1

A cross-site scripting (XSS) vulnerability in the login form (/ScadaBR/login.htm) in ScadaBR 1.0CE allows a remote attacker to inj...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...