PT-2022-4454 · Unknown · Workstation

Published 2022-08-23 · Updated 2022-08-29 · CVE-2022-37952

CVSS v2.0: 6.4 Medium

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

WorkstationST versions prior to 07.09.15

Description

A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST, which could allow an attacker to compromise a victim's browser. The vulnerability is due to the lack of protection of the web page structure. WorkstationST is only deployed in specific, controlled environments, rendering attack complexity significantly higher than if the attack were conducted on the software in isolation.

Recommendations

For WorkstationST versions prior to 07.09.15, update to version 07.09.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the iHistorian Data Display to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2022-05319
CVE-2022-37952

Affected Products

Workstation