CVE-2021-42703 MEDIUM

CVE-2021-42703: AzeoTech DAQFactory

Vendor Advantech

Product HMI Designer

Weakness CWE-79 · XSS

Published November 15, 2021

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action.

Key dates

02Disclosure timeline

November 15, 2021 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-42703

Related vulnerabilities

04Related CVE

CVE-2025-34182 Deciso OPNsense < 25.7.4 /interfaces_ppps_edit.php ptpid Stored XSS CVE-2025-46917 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2025-66562 TUUI vulnerable to Remote Code Execution (RCE) via XSS in Markdown ECharts Rendering CVE-2024-2753 Concrete CMS version 9 below 9.2.8 and below 8.5.16 is vulnerable to stored XSS on the calendar color settings screen CVE-2023-51548 WordPress SlickNav Mobile Menu Plugin <= 1.9.2 is vulnerable to Cross Site Scripting (XSS)

Identifiers

CVE CVE-2021-42703

CWE CWE-79

CVSS 5.4 / MEDIUM

Affected versions

Vendor Advantech

Product HMI Designer

Affected ≥ All versions and ≤ 2.1.11.0