CVE-2014-5397

CVE-2014-5397: Schneider Electric Wonderware Cross-site Scripting

Vendor Schneider Electric

Product Wonderware Information Server Portal

Weakness CWE-79 · XSS

Published August 28, 2014

Last update October 31, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Key dates

02Disclosure timeline

August 28, 2014 CVE published

October 31, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2014-5397 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2022-39024 e-Excellence Inc. U-Office Force - Reflected XSS CVE-2024-13238 Typogrify - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-002 CVE-2026-34559 CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS CVE-2022-38068 WordPress Export Post Info plugin <= 1.1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability CVE-2025-31626 WordPress Support Helpdesk Ticket System Lite plugin <= 4.5.2 - Reflected Cross Site Scripting (XSS) vulnerability

Identifiers

CVE CVE-2014-5397

CWE CWE-79

Affected versions

Vendor Schneider Electric

Product Wonderware Information Server Portal

Affected 4.0 SP1

Vendor Schneider Electric

Product Wonderware Information Server Portal

Affected 4.5

Vendor Schneider Electric

Product Wonderware Information Server Portal

Affected 5.0

Vendor Schneider Electric

Product Wonderware Information Server Portal

Affected 5.5