Unrated severityNVD Advisory· Published Nov 15, 2023· Updated Aug 2, 2024
CVE-2023-5987
CVE-2023-5987
Description
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload.
Affected products
3- Range: Version 2020 CU2 and prior
- Schneider Electric/Ecostruxure™ Power Operation (epo) Advanced Reporting And Dashboards Modulecpe-rescue2 versions
Advanced Reporting and Dashboards Module 2021 prior to CU2 for EcoStruxure Power Operation 2021+ 1 more
- (no CPE)range: Advanced Reporting and Dashboards Module 2021 prior to CU2 for EcoStruxure Power Operation 2021
- (no CPE)range: EcoStruxure Power SCADA Operation (PSO) 2020 or 2020 R2
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.