Vulnerabilities > OSIsoft > Low

DATE CVE VULNERABILITY TITLE RISK
2021-11-18 CVE-2021-43549 Cross-site Scripting vulnerability in OSIsoft PI Web API
A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint and redirect them to a malicious website.
network
osisoft CWE-79
3.5
2021-11-17 CVE-2021-43551 Cross-site Scripting vulnerability in OSIsoft PI Vision 2017/2019
A remote attacker with write access to PI Vision could inject code into a display.
network
osisoft CWE-79
3.5
2020-07-27 CVE-2020-10643 Cross-site Scripting vulnerability in OSIsoft PI Vision 2019
An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component.
network
osisoft CWE-79
3.5
2020-07-25 CVE-2020-10614 Cross-site Scripting vulnerability in OSIsoft PI Vision 2017/2019
In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision databases could inject code into a display.
network
osisoft CWE-79
3.5
2020-01-15 CVE-2019-18244 Information Exposure Through Log Files vulnerability in OSIsoft PI Vision 2017/2019
In OSIsoft PI System multiple products and versions, a local attacker could view sensitive information in log files when service accounts are customized during installation or upgrade of PI Vision.
1.9
2020-01-15 CVE-2019-18273 Cross-site Scripting vulnerability in OSIsoft PI Vision 2017
OSIsoft PI Vision, PI Vision 2017 R2 and PI Vision 2017 R2 SP1.
network
osisoft CWE-79
3.5
2019-04-08 CVE-2018-19006 Cross-site Scripting vulnerability in OSIsoft PI Vision 2017
OSIsoft PI Vision, versions PI Vision 2017 and PI Vision 2017 R2: the application contains a cross-site scripting vulnerability where displays that reference AF elements and attributes containing JavaScript are affected.
network
osisoft CWE-79
3.5
2018-04-03 CVE-2016-8365 Improper Access Control vulnerability in OSIsoft products
OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service.
local
low complexity
osisoft CWE-284
2.1
2017-08-14 CVE-2017-9655 Cross-site Scripting vulnerability in OSIsoft products
A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017.
network
osisoft CWE-79
3.5
2017-02-13 CVE-2017-5153 Information Exposure Through Log Files vulnerability in OSIsoft PI Coresight and PI Web API
An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit.
local
low complexity
osisoft CWE-532
2.1