CVE-2023-45796 PUBLISHED

XSS vulnerability in Pilz PASvisu and PMI v8xx

Assigner: CERTVDE
Reserved: 13.10.2023 Published: 22.06.2026 Updated: 22.06.2026

A stored cross-site scripting vulnerability in the Runtime component of Pilz PASvisu before 1.14.1 and PMI v8xx up to and including 2.0.33992 allows a low-privileged remote unauthenticated attacker to manipulate process data with potential impact on integrity and/or availability.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVSS Score: 8.1

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Pilz
Product	PMI v8xx
Versions	Default: unaffected affected from 0.0.0 to 2.0.33992 (incl.)

Vendor	Pilz
Product	PASvisu
Versions	Default: unaffected affected from 0.0.0 to 1.14.1 (excl.)

References

https://certvde.com/en/advisories/VDE-2023-050/

Problem Types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') CWE