Description
A stored cross-site scripting vulnerability in the Runtime component of Pilz PASvisu before 1.14.1 and PMI v8xx up to and including 2.0.33992 allows a low-privileged remote unauthenticated attacker to manipulate process data with potential impact on integrity and/or availability.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High
Affected products
- Pilz / PASvisu0.0.0 – 1.14.1
- Pilz / PMI v8xx0.0.0 – 2.0.33992
References
- VENDOR_ADVISORYhttps://certvde.com/en/advisories/VDE-2023-050/