CVE-2023-25553

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...

PT-2023-1392 · Schneider Electric · Struxureware Data Center Expert

Name of the Vulnerable Software and Affected Versions: StruxureWare Data Center Expert versions 7.9.2 and prior Description: A Cross-site Scripting vulnerability exists due to improper neutralization of input during web page generation. This issue affects the logging capabilities of the webserver...