Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OSIsoft PI Web API
Vulnerability Description
A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint and redirect them to a malicious website. As a result, a victim may disclose sensitive information to the attacker or be provided with false information.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
OSIsoft PI Server 跨站脚本漏洞
Vulnerability Description
Osisoft OSIsoft PI是美国OSIsoft(Osisoft)公司的一套基于Ckient/Server结构的商品化软件应用平台。该平台支持数据采集、分析和可视化等。 OSIsoft PI Server 存在安全漏洞,具有写访问权限的远程身份验证攻击者可能会诱使用户与 PI Web API 端点交互并将其重定向到恶意网站。因此,受害者可能会向攻击者披露敏感信息或被提供虚假信息。
CVSS Information
N/A
Vulnerability Type
N/A