CVE-2014-5397
Invensys Wonderware Information Server - XSS
Title source: ruleDescription
Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Scores
EPSS
0.0040
EPSS Percentile
60.3%
Details
CWE
CWE-79
Status
published
Products (9)
invensys/wonderware_information_server
invensys/wonderware_information_server
invensys/wonderware_information_server
invensys/wonderware_information_server
invensys/wonderware_information_server
Schneider Electric/Wonderware Information Server Portal
< 4.0 SP1
Schneider Electric/Wonderware Information Server Portal
< 4.5
Schneider Electric/Wonderware Information Server Portal
< 5.0
Schneider Electric/Wonderware Information Server Portal
< 5.5
Published
Aug 28, 2014
Tracked Since
Feb 18, 2026