PT-2019-9699 · Osisoft · Osisoft Pi Vision
Published 2019-04-08 · Updated 2019-10-09 · CVE-2018-19006
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
OSIsoft PI Vision versions PI Vision 2017 through PI Vision 2017 R2
Description
The application contains a cross-site scripting (XSS) issue that affects displays referencing AF elements and attributes that contain JavaScript. Exploitation requires that an authorized AF user is able to store JavaScript in AF elements and attributes.
Recommendations
For OSIsoft PI Vision versions PI Vision 2017 through PI Vision 2017 R2, consider restricting the ability of authorized AF users to store JavaScript in AF elements and attributes as a temporary workaround until a patch is available.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Osisoft Pi Vision