
CISA added CVE-2021-26829 to the KEV catalog—an actively exploited stored XSS in OpenPLC ScadaBR—so treat affected HMIs as incident-grade...

OpenPLC ScadaBR XSS (CVE-2021-26829) added to CISA KEV: what DFIR teams should pull first

4n6 Beat

CISA has added CVE-2021-26829, a stored cross-site scripting flaw in OpenPLC ScadaBR’s system_settings.shtm, to the Known Exploited Vulnerabilities (KEV) catalog. The entry was added on November 28, 2025, with a federal remediation due date of December 19, 2025 (NVD record with KEV metadata). The bug affects ScadaBR through 1.12.4 on Windows and through 0.9.1 on Linux (NVD).

Forescout’s honeypot reporting shows hacktivists moving from initial access to disruptive actions in roughly a day, including use of default credentials and UI defacement via this XSS vector (Forescout Vedere Labs; The Hacker News summary, Nov 30, 2025).

ScadaBR deployments often run on Apache Tomcat. Tomcat access logs are written under $CATALINA_BASE/logs by default and are configured through the AccessLogValve (Tomcat 8.5 docs), which makes them the first artifact to collect.
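As an added triage example (not from the original post or the ScadaBR project), the script below parses Tomcat access-log lines in the AccessLogValve default "common" pattern, pulls out requests that could have written to system_settings.shtm, and lists clients that rendered that page afterwards. The log lines are constructed, the /ScadaBR context path is an assumption, and the access log carries no request body, so the matches are leads to correlate with the stored settings, not proof of a payload.

```python
import re
from datetime import datetime

# Tomcat AccessLogValve default "common" pattern: %h %l %u %t "%r" %s %b
COMMON_LOG = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
SETTINGS_PAGE = "system_settings.shtm"  # page named in the CVE description

# Constructed sample log (not real traffic); addresses are from documentation ranges.
# The /ScadaBR context path is an assumption about the deployment.
SAMPLE_LOG = """\
203.0.113.7 - - [29/Nov/2025:10:14:02 +0000] "GET /ScadaBR/login.htm HTTP/1.1" 200 1543
203.0.113.7 - - [29/Nov/2025:10:14:09 +0000] "POST /ScadaBR/login.htm HTTP/1.1" 302 -
203.0.113.7 - - [29/Nov/2025:10:15:31 +0000] "GET /ScadaBR/system_settings.shtm HTTP/1.1" 200 8812
203.0.113.7 - - [29/Nov/2025:10:16:04 +0000] "POST /ScadaBR/system_settings.shtm HTTP/1.1" 200 8903
198.51.100.22 - admin [29/Nov/2025:11:02:17 +0000] "GET /ScadaBR/system_settings.shtm HTTP/1.1" 200 8812
"""

def parse_line(line):
    """Parse one common-format line; return None for lines that do not match."""
    m = COMMON_LOG.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = rec["uri"].split("?", 1)[0]  # drop query string before matching
    return rec

def triage(lines):
    """Return (writes, exposed_hosts).
    writes: requests that could modify the settings page (the stored-XSS injection point).
    exposed_hosts: clients that rendered the page after the first such write, i.e.
    browsers that may have executed whatever was stored there."""
    records = [r for r in (parse_line(l) for l in lines) if r]
    writes = [r for r in records
              if r["path"].endswith(SETTINGS_PAGE) and r["method"] in ("POST", "PUT")]
    if not writes:
        return writes, set()
    first_write = min(r["time"] for r in writes)
    exposed = {r["host"] for r in records
               if r["path"].endswith(SETTINGS_PAGE) and r["method"] == "GET"
               and r["time"] > first_write}
    return writes, exposed

if __name__ == "__main__":
    writes, exposed = triage(SAMPLE_LOG.splitlines())
    for w in writes:
        print(f"{w['time'].isoformat()} {w['host']} {w['method']} {w['path']} {w['status']}")
    print("hosts that rendered the page after the first write:", sorted(exposed))
```

Point it at the real files under $CATALINA_BASE/logs and adjust the regex if the valve uses a non-default pattern.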