A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site
Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters
over HTTP.
Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
References
Configurations
History
21 Nov 2024, 07:49
Type | Values Removed | Values Added |
---|---|---|
References | () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf - Vendor Advisory |
Information
Published : 2023-04-18 21:15
Updated : 2024-11-21 07:49
NVD link : CVE-2023-25551
Mitre link : CVE-2023-25551
CVE.ORG link : CVE-2023-25551
JSON object : View
Products Affected
schneider-electric
- struxureware_data_center_expert
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')