CVE-2023-25553

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.5%
top 34.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Schneider Electric Struxureware Data Center ExpertSchneider-electric Struxureware Data Center Expert
Timeline
PublishedApr 18

Description

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:NExploitability: 0.9 | Impact: 5.2

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
CVE-2023-25553: A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logg2023-04-18
GHSA
GHSA-fp4v-687c-hwj5: A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logg2023-04-18
CVE-2023-25553 (MEDIUM CVSS 6.1) | A CWE-79: Improper Neutralization o | cvebase.io