CVE-2020-25163 HIGH

CVE-2020-25163: OSIsoft PI Vision Cross-site Scripting

Vendor OSIsoft
Product PI Vision
Weakness CWE-79 · XSS
Published April 18, 2022
Last update April 16, 2025

CVSS base score

7.7/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01 Description

A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This vulnerability affects PI System data and other data accessible with the victim's user permissions.

Key dates

02 Disclosure timeline

April 18, 2022 CVE published
April 16, 2025 Record updated