Description
Cross-site scripting (XSS) vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References (5)
Core 5
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/44955
Patch, Third Party Advisory, US Government Resource x_refsource_misc
http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01.pdf
Broken Link vdb-entry
x_refsource_osvdb
http://www.osvdb.org/72987
Patch, Third Party Advisory, US Government Resource x_refsource_misc
http://www.us-cert.gov/control_systems/pdf/ICSA-10-314-01A.pdf
Third Party Advisory x_refsource_misc
http://www.digitalbond.com/scadapedia/vulnerability-notes/control-microsystems-cross-site-scripting-vulnerability/
Scores
EPSS
0.0054
EPSS Percentile
67.9%
Details
CWE
CWE-79
Status
published
Products (5)
aveva/clearscada
2005
aveva/clearscada
2007
aveva/clearscada
2009
schneider-electric/scx_67
< r4.5
schneider-electric/scx_68
< r3.9
Published
Aug 16, 2011
Tracked Since
Feb 18, 2026