CVE-2014-5397

Schneider Electric Wonderware Information Server Portal 4.0 SP1-5.5 - Cross-Site Scripting

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (4)

Core 4

Scores

EPSS 0.0151
EPSS Percentile 71.1%

Details

CWE
CWE-79
Status published
Products (8)
invensys/wonderware_information_server 4.0 sp1 (2 CPE variants)
invensys/wonderware_information_server 4.5
invensys/wonderware_information_server 5.0
invensys/wonderware_information_server 5.5
Schneider Electric/Wonderware Information Server Portal 4.0 SP1
Schneider Electric/Wonderware Information Server Portal 4.5
Schneider Electric/Wonderware Information Server Portal 5.0
Schneider Electric/Wonderware Information Server Portal 5.5
Published Aug 28, 2014
Tracked Since Feb 18, 2026