Pi Web Api
Approved changes feed: RSS · Atom
cpe:2.3:a:aveva:pi_web_api:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Aveva (419325dd-398d-5d8e-98c9-e41c800a541d) |
|---|---|
| Product | Pi Web Api (774e826b-c7c6-5dbe-a0e5-61149632b3e4) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-2745 |
vulnerable | 2026-06-03 15:00:26.368867 |
AVEVA PI Web API Cross-site Scripting
MEDIUM (6.5)
A cross-site scripting vulnerability exists in AVEVA PI Web API version 2023
SP1 and prior that, if exploited, could allow an authenticated attacker
(with privileges to create/update annotations or upload media files) to
persist arbitrary JavaScript code that will be executed by users who
were socially engineered to disable content security policy protections
while rendering annotation attachments from within a web browser.
Published: 2025-06-12T19:42:27.001Z
Updated: 2025-06-12T20:09:34.976Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-3468 |
vulnerable | 2026-06-03 14:56:24.449707 |
Deserialization of Untrusted Data in AVEVA PI Web API
There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker.
Published: 2024-06-12T21:04:28.259Z
Updated: 2024-08-01T20:12:07.636Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.