Vulnerabilities > Osisoft > PI WEB API > 2019
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-18 | CVE-2021-43549 | Cross-site Scripting vulnerability in Osisoft PI web API A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint and redirect them to a malicious website. | 4.8 |
| 2020-06-23 | CVE-2020-12021 | Cross-site Scripting vulnerability in Osisoft PI web API In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code. | 9.0 |