CVE-2023-45795

HIGH 7.8

Pilz: XSS vulnerability in Pilz PASvisu and PMI v8xx

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device.

CWE	CWE-79
Vendor	pilz
Product	pmi v8xx
Published	Jun 22, 2026
Last Updated	Jun 22, 2026

Stay Ahead of the Next One

Get instant alerts for pilz pmi v8xx

Be the first to know when new high vulnerabilities affecting pilz pmi v8xx are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Pilz / PMI v8xx

0.0.0 ≤ 2.0.33992

Pilz / PASvisu

0.0.0 < 1.14.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

certvde.com: https://certvde.com/en/advisories/VDE-2023-050/