PT-2019-9699 · Osisoft · Osisoft Pi Vision

Publicado

2019-04-08

Atualizado

2019-10-09

CVE-2018-19006

CVSS v3.1

4.8

Média

Vetor

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions OSIsoft PI Vision versions PI Vision 2017 through PI Vision 2017 R2

Description The application contains a cross-site scripting issue where displays that reference AF elements and attributes containing JavaScript are affected. This issue requires the ability of authorized AF users to store JavaScript in AF elements and attributes.

Recommendations For OSIsoft PI Vision versions PI Vision 2017 through PI Vision 2017 R2, consider restricting the ability of authorized AF users to store JavaScript in AF elements and attributes as a temporary workaround until a patch is available.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2018-19006

Produtos afetados

Osisoft Pi Vision

PT-2019-9699 · Osisoft · Osisoft Pi Vision

CVE-2018-19006

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3