3 matches found
Cross site scripting
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...
CVE-2023-25551
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...
CVE-2023-25551
Summary of CVE-2023-25551 (CWE-79, XSS) : A cross-site scripting vulnerability exists in Schneider Electric StruxureWare Data Center Expert (DCE) file upload endpoint, exploitable by tampering with HTTP parameters. Affected products: StruxureWare Data Center Expert (versions prior to 7.9.2). Root...