NullByte8080/CVE-2026-36226

GitHub: NullByte8080/CVE-2026-36226


# CVE-2026-36226: Advantech WebAccess/SCADA Create New Project User XSS PoC

This repository contains a benign proof of concept for `CVE-2026-36226`, a cross-site scripting issue in Advantech WebAccess/SCADA 8.0-2015.08.16.

This repository is for authorized security research and local reproduction only. Do not use it against systems you do not own or have explicit permission to test.

## Summary

Advantech WebAccess/SCADA 8.0-2015.08.16 contains a cross-site scripting vulnerability in the Admin Dashboard Create New Project User component. The `decryption` field does not sufficiently sanitize or encode user-controlled input before it is rendered in the application, allowing a remote attacker to execute JavaScript in the browser context of an authenticated user.

## Discoverer

Vaibhav D. Barkade

## Affected Product

- Vendor: Advantech
- Product: WebAccess/SCADA
- Version: 8.0-2015.08.16
- Component: Admin Dashboard, Create New Project User
- Field: `decryption`
- Vulnerability type: Cross-Site Scripting
- Attack type: Remote

## Usage

Open the local helper page:

```bash
python3 -m http.server 8000
```

Then browse to:

```
http://127.0.0.1:8000/poc.html
```

Or copy a payload directly from:

Default benign payload: ">

## Manual Verification

1. Log in to an authorized lab instance of Advantech WebAccess/SCADA 8.0-2015.08.16.
2. Open the Admin Dashboard.
3. Navigate to Create New Project User.
4. Paste the benign payload into the `decryption` field.
5. Save or preview the record.
6. If an alert executes in the browser, the field is vulnerable to XSS.

## Impact

Successful exploitation allows browser-side JavaScript execution in the context of a user viewing the affected page. Depending on session configuration and user privileges, this can enable session hijacking, sensitive information disclosure, or actions performed as the victim user.

## Mitigation

- Encode untrusted data before rendering it in HTML, attribute, JavaScript, or URL contexts.
- Validate and reject markup/script input in the `decryption` field.
- Apply a restrictive Content Security Policy.
- Mark session cookies as `HttpOnly`, `Secure`, and `SameSite`.
- Upgrade to a fixed vendor release if available.
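
The first four mitigations above, shown together as an added Python sketch (not code from this repository or from Advantech). The `<input>` markup, the allow-list pattern, the cookie name `session`, and the CSP string are assumptions chosen for illustration; the sample value is constructed.

```python
import html
import re
from http.cookies import SimpleCookie

# Constructed sample: a value that tries to close the attribute and add markup.
SAMPLE = '"><b>lab-marker</b>'
# Assumed allow-list; the real format of the field is not documented on this page.
ALLOWED = re.compile(r"[A-Za-z0-9_.-]{1,64}")
# Assumed policy: same-origin scripts only, so injected inline script is not run.
CSP = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'"


def validate_decryption(value):
    """Input side: accept only values that fully match the allow-list."""
    return ALLOWED.fullmatch(value) is not None


def render_unsafe(value):
    """The flawed pattern: raw concatenation into a quoted attribute."""
    return '<input name="decryption" value="' + value + '">'


def render_safe(value):
    """Output side: encode for a double-quoted HTML attribute context."""
    return '<input name="decryption" value="' + html.escape(value, quote=True) + '">'


def response_headers(session_id):
    """Defense in depth: restrictive CSP plus a hardened session cookie."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["path"] = "/"
    cookie["session"]["httponly"] = True   # not readable from page script
    cookie["session"]["secure"] = True     # sent over HTTPS only
    cookie["session"]["samesite"] = "Strict"
    return [
        ("Content-Security-Policy", CSP),
        ("Set-Cookie", cookie["session"].OutputString()),
    ]


if __name__ == "__main__":
    print("accepted by validation:", validate_decryption(SAMPLE))
    print("unsafe:", render_unsafe(SAMPLE))
    print("safe:  ", render_safe(SAMPLE))
    for name, value in response_headers("constructed-session-id"):
        print(f"{name}: {value}")
```

Validation and encoding are independent controls: the encoder still neutralizes the value if a record reaches the renderer without passing through validation.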