La Sostenibilità per TIM

Il Report 2024 accoglie i principi della Corporate Sustainability Reporting Directive (CSRD) ed è incluso nella Relazione Finanziaria e di Sostenibilità. Approfondisci

Facebook Twitter Linkedin Copia Link

tag

CVE-2020-7570

CVE-2020-7570 – Schneider Electric StruxureWare Building Operation WebReports

Vulnerability Description: Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting Stored)
Software Version: Schneider Electric StruxureWare Building Operation WebReports versions 1.9 – 3.1.
NIST: https://nvd.nist.gov/vuln/detail/CVE-2020-7570
CVSv3: 5.4
Severity: Medium
Credits: Alessandro Bosco, Luca Di Giuseppe, Alessandro Sabetta, Massimiliano Brolli

Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Cross-Site Scripting stored attack against other WebReport users.