cbcvebase.
CVE-2023-25553
published 2023-04-18

CVE-2023-25553: A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging…

medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

Affected

2 ranges
VendorProductVersion rangeFixed in
schneider-electricstruxureware_data_center_expert<= 7.9.2
schneider_electricstruxureware_data_center_expertAll – V7.9.2