Vulnerability CVE-2011-4035

Vulnerability CVE-2011-4035

Published: 2011-12-02 Modified: 2012-02-13

Description:

Type:

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.3/10	2.9/10	8.6/10

Affected software
Schneider-electric -> Citecthistorian
Schneider-electric -> Citectscada reports
Schneider-electric -> Vijeo historian

http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf

http://xforce.iss.net/xforce/xfdb/71503

http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page

http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695