Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4 (ICSA-18-333-02)

The NCCIC has published an advisory on a cross-site scripting vulnerability in Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4. Numerous products and versions are affected. Successful exploitation of this vulnerability could allow an authenticated user to inject client-side scripts into some web pages that could then be viewed by other users. Tridium recommends that affected users upgrade to the latest versions of the software. The NCCIC also advises on a series of mitigating measures for this vulnerability. Read the full advisory at NCCIC/ICS-CERT.