CVE-2023-25551 MEDIUM

CVE-2023-25551

Vendor Schneider Electric
Product StruxureWare Data Center Expert
Weakness CWE-79 · XSS
Published April 18, 2023
Last update February 12, 2025

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

Key dates

02Disclosure timeline

April 18, 2023 CVE published
February 12, 2025 Record updated