Cross-Site Scripting Vulnerability in EcoStruxure Building Operation by Schneider Electric
CVE-2020-7571
5.4MEDIUM
Summary
A Cross-Site Scripting vulnerability exists in EcoStruxure Building Operation WebReports versions 1.9 through 3.1, allowing remote attackers to inject arbitrary web scripts or HTML. This is due to inadequate sanitization of user-supplied data, resulting in reflected XSS attacks that could potentially affect other users accessing the WebReports interface. Users are advised to implement proper input validation measures to mitigate these risks.
Affected Version(s)
EcoStruxure Building Operation WebReports V1.9 - V3.1 EcoStruxure Building Operation WebReports V1.9 - V3.1
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved