CVE-2011-4035

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.3MEDIUM

EPSS

2.1%

top 15.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Citecthistorian Schneider-electric Citectscada Reports Schneider-electric Vijeo Historian

Timeline

PublishedDec 2

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDschneider-electric/citecthistorian4.30+1

▶NVDschneider-electric/vijeo_historian4.30+3

▶NVDschneider-electric/citectscada_reports4.10+1

🔴Vulnerability Details

GHSA

GHSA-2j6r-9hxr-mp8g: Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4↗2022-05-17

▶

CVEList

CVE-2011-4035: Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4↗2011-12-02

▶