Vulnerabilities > Osisoft > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-18 | CVE-2020-25167 | Incorrect Authorization vulnerability in Osisoft PI Vision OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute. | 6.5 |
| 2021-11-18 | CVE-2021-43549 | Cross-site Scripting vulnerability in Osisoft PI web API A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint and redirect them to a malicious website. | 4.8 |
| 2021-11-17 | CVE-2021-43551 | Cross-site Scripting vulnerability in Osisoft PI Vision 2017/2019/2020 A remote attacker with write access to PI Vision could inject code into a display. | 5.4 |
| 2021-11-17 | CVE-2021-43553 | Incorrect Authorization vulnerability in Osisoft PI Vision 2017/2019/2020 PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and is configured as a Limits property. | 4.3 |
| 2020-07-27 | CVE-2020-10643 | Cross-site Scripting vulnerability in Osisoft PI Vision 2019 An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component. | 5.4 |
| 2020-07-25 | CVE-2020-10614 | Cross-site Scripting vulnerability in Osisoft PI Vision 2017/2019 In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision databases could inject code into a display. | 4.8 |
| 2020-01-15 | CVE-2019-18275 | Unspecified vulnerability in Osisoft PI Vision 2017/2019 OSIsoft PI Vision, All versions of PI Vision prior to 2019. | 6.5 |
| 2020-01-15 | CVE-2019-18273 | Cross-site Scripting vulnerability in Osisoft PI Vision 2017 OSIsoft PI Vision, PI Vision 2017 R2 and PI Vision 2017 R2 SP1. | 4.8 |
| 2020-01-15 | CVE-2019-18244 | Information Exposure Through Log Files vulnerability in Osisoft PI Vision 2017/2019 In OSIsoft PI System multiple products and versions, a local attacker could view sensitive information in log files when service accounts are customized during installation or upgrade of PI Vision. | 4.7 |
| 2019-08-15 | CVE-2019-13515 | Information Exposure Through Log Files vulnerability in Osisoft PI web API OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information. | 6.5 |