Vulnerabilities > Schneider Electric > Ecostruxure Power Monitoring Expert > 2021

DATE	CVE	VULNERABILITY TITLE	RISK
2023-11-15	CVE-2023-5986	Open Redirect vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert 2020/2021 A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. network low complexity schneider-electric CWE-601	6.1
2023-11-15	CVE-2023-5987	Cross-site Scripting vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert 2020/2021 A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload. network low complexity schneider-electric CWE-79	6.1
2023-04-18	CVE-2023-28003	Insufficient Session Expiration vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account. network low complexity schneider-electric CWE-613	8.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.