Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via 1 the evtvariablename parameter in an evts.xml action to kw.dll, 2 unspecified search fields, or 3 unspecified...