CVE-2018-19006
https://notcve.org/view.php?id=CVE-2018-19006
OSIsoft PI Vision, versions PI Vision 2017 and PI Vision 2017 R2: the application contains a cross-site scripting vulnerability that affects displays referencing AF elements and attributes containing JavaScript. This vulnerability requires the ability of authorized AF users to store JavaScript in AF elements and attributes.
• https://ics-cert.us-cert.gov/advisories/ICSA-19-043-01
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-7508
https://notcve.org/view.php?id=CVE-2018-7508
A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized.
• http://www.securityfocus.com/bid/103396
• https://ics-cert.us-cert.gov/advisories/ICSA-18-072-04
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-7496
https://notcve.org/view.php?id=CVE-2018-7496
An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The server response header and referrer-policy response header each provide unintended information disclosure.
• http://www.securityfocus.com/bid/103390
• https://ics-cert.us-cert.gov/advisories/ICSA-18-072-03
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-7500
https://notcve.org/view.php?id=CVE-2018-7500
A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account.
• http://www.securityfocus.com/bid/103396
• https://ics-cert.us-cert.gov/advisories/ICSA-18-072-04
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2018-7504
https://notcve.org/view.php?id=CVE-2018-7504
A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The X-XSS-Protection response header is not set to block, allowing attempts at reflected cross-site scripting.
• http://www.securityfocus.com/bid/103390
• https://ics-cert.us-cert.gov/advisories/ICSA-18-072-03
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-693: Protection Mechanism Failure