CVE-2020-12021

Summary

In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
n/aOSIsoft PI Web API 2019OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versionsaffected

Weaknesses

  • CWE-79: IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79

ADP Enrichment

CVE Program Container

Additional References

References