Vulnerabilities > Osisoft > PI WEB API > 2015
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-18 | CVE-2021-43549 | Cross-site Scripting vulnerability in Osisoft PI web API A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint and redirect them to a malicious website. | 4.8 |
2020-06-23 | CVE-2020-12021 | Cross-site Scripting vulnerability in Osisoft PI web API In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code. | 9.0 |
2019-08-15 | CVE-2019-13516 | Cross-Site Request Forgery (CSRF) vulnerability in Osisoft PI web API In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect. | 8.8 |
2019-08-15 | CVE-2019-13515 | Information Exposure Through Log Files vulnerability in Osisoft PI web API OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information. | 6.5 |
2018-03-14 | CVE-2018-7508 | Cross-site Scripting vulnerability in Osisoft PI Vision and PI web API A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. | 6.1 |
2018-03-14 | CVE-2018-7500 | Unspecified vulnerability in Osisoft PI Vision and PI web API A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. | 9.8 |