CVE-2023-25551

Publication date

2023-04-18 20:37:23

Family

schneider

State

PUBLISHED

Description

A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)