CVE-2018-19006 - AskarLabs CVE Database

CVE-2018-19006

Vendor Osisoft

Product PI Vision

Weakness CWE-79 · XSS

Published April 8, 2019

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The application contains a cross-site scripting vulnerability where displays that reference AF elements and attributes containing JavaScript are affected. This vulnerability requires the ability of authorized AF users to store JavaScript in AF elements and attributes.

Key dates

02Disclosure timeline

April 8, 2019 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-19006 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-10269 Easy SVG Support <= 3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload CVE-2025-8369 Portabilis i-Educar educar_avaliacao_desempenho_lst.php cross site scripting CVE-2023-24400 WordPress Cookie Notice & Compliance for GDPR / CCPA Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS) CVE-2025-8566 GutenBee – Gutenberg Blocks <= 2.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-64592 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Identifiers

CVE CVE-2018-19006

CWE CWE-79

Affected versions

Vendor Osisoft

Product PI Vision

Affected PI Vision 2017

Vendor Osisoft

Product PI Vision

Affected and PI Vision 2017 R2