A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site
Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the
webserver.
Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
References
Configurations
History
27 Apr 2023, 18:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
References | (MISC) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf - Vendor Advisory |
18 Apr 2023, 21:25
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-18 21:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-25553
Mitre link : CVE-2023-25553
CVE.ORG link : CVE-2023-25553
JSON object : View
Products Affected
schneider-electric
- struxureware_data_center_expert
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')