CVE-2026-1695

Medium CVSS: 5.3

An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to trick a legitimate user into loading content from another site upon unsuccessful user authentication on an unknown application (unknown client_id).

This vulnerability only affects the error page of the OAuth server.

Vendor

Arcinformatique

Product

Pcvue

CWE

CWE-79

Yayın Tarihi

2026-02-26 08:16:19

Güncelleme

2026-03-12 13:50:53

Source Identifier

87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932

KEV Date Added

Kategoriler

CWE-79 Pcvue MEDIUM Arcinformatique 2026

Referanslar

https://www.pcvue.com/security/#SB2026-2

Benzer Kayıtlar

Low

CVE-2026-1696

Some HTTP security headers are not properly set by the web server when sending responses to the client application.

Medium

CVE-2026-1697

The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in versio…

Medium

CVE-2026-1698

A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 throu…

Medium

CVE-2026-1692

A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebSc…

Medium

CVE-2026-1693

The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the werbservices used by the WebVu…

Low

CVE-2026-1694

HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of t…