Cross-Site Scripting Vulnerability in PcVue OAuth Web Services
CVE-2026-1695

5.3MEDIUM

Key Information:

Vendor

Arcinfo

Status
Vendor
CVE Published:
26 February 2026

Badges

👾 Exploit Exists

What is CVE-2026-1695?

An XSS vulnerability exists in the OAuth web services utilized by various features of PcVue, including WebVue, WebScheduler, TouchVue, and SnapVue, specifically in versions 12.0.0 to 16.3.3. This security weakness may enable a remote attacker to deceive legitimate users into loading external content when an authentication attempt on an unrecognized application fails, impacting only the error page of the OAuth server.

Affected Version(s)

PcVue 16.0.0 <= 16.3.3

PcVue 15.0.0 <= 15.2.13

PcVue 12.0.0

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.