CVE-2021-21801: 
Advantech R-SeeNet vulnerability analysis and mitigation

CVE-2021-21801 is a cross-site scripting (XSS) vulnerability discovered in the devicegraphpage.php script of Advantech R-SeeNet version 2.4.12 (20.10.2020). The vulnerability was disclosed on July 15, 2021, affecting the R-SeeNet web applications, which is a software system used for monitoring Advantech routers (Talos Report).

The vulnerability exists in the graph parameter handling of the devicegraphpage.php script. The script accepts a graph parameter that is not properly sanitized in the context of XSS payload, allowing the value from the user to be embedded directly into HTML code. The vulnerability has received a CVSS v3.1 base score of 6.1 (MEDIUM) from NIST and 9.6 (CRITICAL) from Talos, with the vector string CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H (NVD, Talos Report).

When successfully exploited, this vulnerability can lead to arbitrary JavaScript code execution in the context of the targeted user's browser. Notably, the victim does not need to be logged in to be affected by this vulnerability, increasing its potential impact (Talos Report).

Security researchers have noted that while this vulnerability is commonly included in scanning activities, particularly in OT-related industries, it appears to be part of broad vulnerability scanning efforts rather than targeted attacks. The vulnerability requires several steps for successful exploitation, including user interaction, which may limit its practical impact (SecurityWeek).