CVE-2025-4417

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/", "name": "https://www.aveva.com/en/support-and-success/cyber-security-updates/", "tags": [], "refsource": ""}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-09", "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-162-09", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A cross-site scripting vulnerability exists in \nAVEVA\u00a0PI Connector for CygNet \nVersions 1.6.14 and prior that, if exploited, could allow an \nadministrator miscreant with local access to the connector admin portal \nto persist arbitrary JavaScript code that will be executed by other \nusers who visit affected pages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-4417", "ASSIGNER": "ics-cert@hq.dhs.gov"}}, "impact": {}, "publishedDate": "2025-06-12T20:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-06-12T20:15Z"}