| ID |
CVE-2025-4417
|
| Sažetak |
A cross-site scripting vulnerability exists in
AVEVA PI Connector for CygNet
Versions 1.6.14 and prior that, if exploited, could allow an
administrator miscreant with local access to the connector admin portal
to persist arbitrary JavaScript code that will be executed by other
users who visit affected pages. |
| Reference |
|
| CVSS |
| Base: | 5.5 |
| Impact: | 4.0 |
| Exploitability: | 1.1 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| LOCAL |
LOW |
HIGH |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| NONE |
HIGH |
NONE |
|
| CVSS vektor |
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N |
| Zadnje važnije ažuriranje |
12-06-2025 - 20:15 |
| Objavljeno |
12-06-2025 - 20:15 |
