CVE Catalog

CVE-2023-45796

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

27th percentile - higher than 27% of all known CVEs

Summary

A stored cross-site scripting vulnerability in the Runtime component of Pilz PASvisu before version 1.14.1 and PMI v8xx up to and including version 2.0.33992 allows a low-privileged remote unauthenticated attacker to manipulate process data, potentially impacting integrity and/or availability.

Risk Assessment

The organization may be exposed to manipulation of process data, which could lead to serious integrity and availability issues. An attacker could exploit this vulnerability to inject malicious code.

Recommendation

It is recommended to update the components to the latest version to eliminate this vulnerability. A security audit should also be conducted to minimize the risk associated with XSS attacks.

Original NVD description (English source)

A stored cross-site scripting vulnerability in the Runtime component of Pilz PASvisu before 1.14.1 and PMI v8xx up to and including 2.0.33992 allows a low-privileged remote unauthenticated attacker to manipulate process data with potential impact on integrity and/or availability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS