CVE-2017-9655

MEDIUM

OSIsoft PI Integrator - XSS

Title source: llm

Description

A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a malicious web site.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/100212

[Mitigation, Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-17-220-01

[Vendor Advisory] https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00324

Scores

CVSS v3 5.4

EPSS 0.0032

EPSS Percentile 54.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (4)

osisoft/pi_integrator_for_business_analystics < 2016

osisoft/pi_integrator_for_microsoft_azure < 2016

osisoft/pi_integrator_for_sap_hana < 2016

n/a/n/a

Published Aug 14, 2017

Tracked Since Feb 18, 2026