
CVSS: 6.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized. • http://www.securityfocus.com/bid/103396 • https://ics-cert.us-cert.gov/advisories/ICSA-18-072-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The server response header and referrer-policy response header each provide unintended information disclosure. • http://www.securityfocus.com/bid/103390 • https://ics-cert.us-cert.gov/advisories/ICSA-18-072-03 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account. • http://www.securityfocus.com/bid/103396 • https://ics-cert.us-cert.gov/advisories/ICSA-18-072-04 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The X-XSS-Protection response header is not set to block, allowing attempts at reflected cross-site scripting. • http://www.securityfocus.com/bid/103390 • https://ics-cert.us-cert.gov/advisories/ICSA-18-072-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-693: Protection Mechanism Failure