CVE-2025-4417 – AVEVA PI Connector for CygNet Cross-Site Scripting (XSS)

June 12, 2025

CVE ID : CVE-2025-4417

Published : June 12, 2025, 8:15 p.m. | 1 hour, 46 minutes ago

Description : A cross-site scripting vulnerability exists in
AVEVA PI Connector for CygNet
Versions 1.6.14 and prior that, if exploited, could allow an
administrator miscreant with local access to the connector admin portal
to persist arbitrary JavaScript code that will be executed by other
users who visit affected pages.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-44019 – AVEVA PI Data Archive Denial of Service (DoS) Vulnerability

Next Article CVE-2025-48699 – Apache Unintended Exposure

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

Minecraft Vibrant Visuals finally has a release date and it’s dropping with the Happy Ghasts

QAQ-QQ-AI-QUEST

QAQ-QQ-AI-QUEST

JS Dark Arts: Abusing prototypes and the Result type

Helpful Git Aliases To Maximize Developer Productivity

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

CVE-2025-4417 – AVEVA PI Connector for CygNet Cross-Site Scripting (XSS)

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

Paragon Spyware used to Spy on European Journalists

Build a Powerful Image Editor with Next.js and glfx.js

5 vinyl products every collector should have (and why they make such a big difference)

CVE-2025-47860 – Apache HTTP Server Unvalidated User Input

CVE-2025-30316 – Adobe Connect Stored Cross-Site Scripting Vulnerability

I wish this capable USB4 gaming dock could handle my favorite ROG Ally X, but it’s still a good USB hub

CVE-2025-5129 – Sangfor aTrust Directory Traversal Vulnerability

CVE-2025-4305 – Kefaming Mayi Unrestricted File Upload Vulnerability

UNC1151 exploiting Roundcube to steal user credentials in a spearphishing campaign

CVE-2025-4417 – AVEVA PI Connector for CygNet Cross-Site Scripting (XSS)

Related Posts