Schneider-electric » Struxureware Data Center Expert : Security Vulnerabilities, CVEs, (XSS) CVSS score >= 1
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site
Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the
webserver.
Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-04-18
Updated
2023-04-27
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site
Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters
over HTTP.
Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-04-18
Updated
2023-04-27
2 vulnerabilities found