Vulnerabilities > Osisoft > PI WEB API > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-06-23 CVE-2020-12021 Cross-site Scripting vulnerability in Osisoft PI web API
In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code.
network
osisoft CWE-79
6.0
6.0
2019-08-15 CVE-2019-13515 Information Exposure Through Log Files vulnerability in Osisoft PI web API
OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information.
network
low complexity
osisoft CWE-532
4.0
4.0
2018-03-14 CVE-2018-7508 Cross-site Scripting vulnerability in Osisoft PI Vision and PI web API
A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior.
network
osisoft CWE-79
4.3
4.3
2017-08-25 CVE-2017-7926 Cross-Site Request Forgery (CSRF) vulnerability in Osisoft PI web API 1.8
A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0).
network
osisoft CWE-352
6.8
6.8