CVE-2020-7571

Name of the Vulnerable Software and Affected Versions: EcoStruxure Building Operation WebReports versions 1.9 through 3.1

Description: The issue is related to insufficient protection of the web page structure, allowing a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data. This could lead to a Cross-Site Scripting reflected attack against other WebReport users. The vulnerability is associated with improper neutralization of input during web page generation.

Recommendations: For versions 1.9 through 3.1, update to a version that properly sanitizes user-supplied data to prevent Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the WebReports feature until a patch is available. Additionally, ensure that all user input is validated and sanitized to minimize the risk of exploitation.