2 matches found
CVE-2020-7571
A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation Cross-site Scripting Reflected vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of use...
CVE-2020-7571
Schneider Electric EcoStruxure Building Operation WebReports (V1.9–V3.1) is affected by a reflected Cross-site Scripting (CWE-79) due to improper input sanitization during webpage generation. A remote, authenticated user could inject arbitrary web script/HTML that may be executed in other WebRepo...