CVE-2023-25553

Name of the Vulnerable Software and Affected Versions StruxureWare Data Center Expert versions 7.9.2 and prior

Description A Cross-site Scripting vulnerability exists due to improper neutralization of input during web page generation. This issue affects the logging capabilities of the webserver, potentially allowing a remote attacker to conduct a Cross-site Scripting (XSS) attack.

Recommendations For StruxureWare Data Center Expert versions 7.9.2 and prior, consider disabling the logging capabilities of the webserver as a temporary workaround until a patch is available. Restrict access to the DCE endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.