First published: Wed Mar 14 2018(Updated: )
A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
OSIsoft PI Web API | <=2017 | |
OSIsoft PI Web API | =2017-r2 | |
OSIsoft PI Vision | <=2017 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-7508 is a Cross-site Scripting (XSS) vulnerability discovered in OSIsoft PI Web API versions 2017 R2 and prior.
CVE-2018-7508 has a severity rating of 6.1 (medium).
CVE-2018-7508 allows for Cross-site Scripting (XSS) attacks on OSIsoft PI Web API versions 2017 R2 and prior.
CVE-2018-7508 is associated with CWE-79, which is the Weakness ID for Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
To fix CVE-2018-7508, it is recommended to update to a version of OSIsoft PI Web API that is beyond 2017 R2.