CVE-2023-25551
18.04.2023, 21:15
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site
Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters
over HTTP.
Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
| Vendor | Product | Version |
|---|---|---|
| schneider-electric | struxureware_data_center_expert | 𝑥 ≤ 7.9.2 |
𝑥
= Vulnerable software versions