Cross-Site Scripting Vulnerability in PcVue OAuth Web Services
CVE-2026-1695
5.3MEDIUM
What is CVE-2026-1695?
An XSS vulnerability exists in the OAuth web services utilized by various features of PcVue, including WebVue, WebScheduler, TouchVue, and SnapVue, specifically in versions 12.0.0 to 16.3.3. This security weakness may enable a remote attacker to deceive legitimate users into loading external content when an authentication attempt on an unrecognized application fails, impacting only the error page of the OAuth server.
Affected Version(s)
PcVue 16.0.0 <= 16.3.3
PcVue 15.0.0 <= 15.2.13
PcVue 12.0.0
