CVE-2011-4035

Schneider Electric Vijeo Historian <4.30 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (4)

[Various Sources] http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695

[Various Sources] http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page

[US Government Resource] http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/71503

Scores

EPSS 0.0209

EPSS Percentile 83.9%

Classification

CWE

CWE-79

Status published

Affected Products (9)

schneider-electric/vijeo_historian < 4.30

schneider-electric/vijeo_historian

schneider-electric/vijeo_historian

schneider-electric/vijeo_historian

schneider-electric/citecthistorian < 4.30

schneider-electric/citecthistorian

schneider-electric/citectscada_reports < 4.10

schneider-electric/citectscada_reports

n/a/n/a

Timeline

Published Dec 02, 2011

Tracked Since Feb 18, 2026