Description
Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71503
Various Sources x_refsource_confirm
http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page
US Government Resource x_refsource_misc
http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf
Various Sources x_refsource_confirm
http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695
Scores
EPSS
0.0209
EPSS Percentile
84.2%
Details
CWE
CWE-79
Status
published
Products (8)
schneider-electric/citecthistorian
4.20
schneider-electric/citecthistorian
< 4.30
schneider-electric/citectscada_reports
4.0
schneider-electric/citectscada_reports
< 4.10
schneider-electric/vijeo_historian
4.0
schneider-electric/vijeo_historian
4.10
schneider-electric/vijeo_historian
4.20
schneider-electric/vijeo_historian
< 4.30
Published
Dec 02, 2011
Tracked Since
Feb 18, 2026