CVE-2011-4038

Name of the Vulnerable Software and Affected Versions Invensys Wonderware HMI Reports versions 3.42.835.0304 and earlier Ocean Data Systems Dream Report versions prior to 4.0

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. This could potentially lead to unauthorized access or control of the affected system.

Recommendations For Invensys Wonderware HMI Reports versions 3.42.835.0304 and earlier, update to a version later than 3.42.835.0304. For Ocean Data Systems Dream Report versions prior to 4.0, update to version 4.0 or later.