PT-2026-22127 · Touchvue+4 · Touchvue+4
Published
2026-02-26
·
Updated
2026-03-12
·
CVE-2026-1695
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
PcVue versions 12.0.0 through 16.3.3
Description
An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features. The issue exists on the error page of the OAuth server and may allow a remote attacker to trick a legitimate user into loading content from another site upon unsuccessful user authentication. The vulnerable component is the OAuth server. The
client id is involved in the authentication process.Recommendations
Update to a version later than 16.3.3.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pcvue
Snapvue
Touchvue
Web Schedule
Webvue