Medium
The affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code. Successful exploitation of this vulnerability could allow a remote authenticated attacker with write access to a PI Server to trick a user into interacting with a PI Web API endpoint that executes arbitrary JavaScript in the user’s browser, resulting in view, modification, or deletion of data as allowed for by the victim’s user permissions.
Cross-site Scripting
OSIsoft
PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions
OSIsoft recommends affected users upgrade to PI Web API 2019 SP1