The NCCIC has published an advisory on a cross-site scripting vulnerability in PSI GridConnect Telecontrol. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker to execute dynamic scripts in the context of the application, which could allow cross-site scripting attacks. PSI recommends users of affected devices update their devices to a version where this vulnerability is patched. The NCCIC also advises on a series of measures for mitigating this vulnerability. Read the advisory at NCCIC/ICS-CERT.