Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable stored XSS needs a high-privilege author (PR:H) and a victim to view the page (UI:R); execution in the victim's browser crosses a trust boundary (S:C) with high C/I and no availability impact.
Primary rating from Vendor (Rockwell).
CVSS VectorVendor: Rockwell
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A Stored Cross-Site Scripting security issue exists within FactoryTalk® DataMosaix™ Private Cloud. The vulnerability stems from improper neutralization of user-supplied input within the Workflows configuration. An authenticated attacker with high privileges can inject malicious scripts that are permanently stored on the server. This vulnerability can result in the execution of malicious JavaScript when other users access the affected page, potentially allowing for account takeover, credential theft, or redirection to a malicious website.
AnalysisAI
Stored cross-site scripting in Rockwell Automation FactoryTalk DataMosaix Private Cloud lets a high-privileged authenticated user persist malicious JavaScript through the Workflows configuration, which then executes in the browsers of other users who view the affected page. Successful exploitation can lead to session/account takeover, credential theft, or redirection to attacker-controlled sites. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated account with high privileges (PR:H) over the Workflows configuration feature of FactoryTalk DataMosaix Private Cloud - this is the exact feature where unsanitized input is stored. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N) is internally consistent with the description: network-reachable, low complexity, but requiring high privileges (PR:H) and passive user interaction (UI:P) from a victim who opens the page. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A malicious insider or an attacker who has obtained high-privilege credentials logs into FactoryTalk DataMosaix Private Cloud and saves a crafted JavaScript payload into a Workflows configuration field. When another operator or administrator later opens that Workflows page, the stored script runs in their session, letting the attacker steal their session token or credentials or redirect them to a malicious site. … |
| Remediation | Consult and apply the remediation in Rockwell Automation advisory SD1787 (https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1787.html); the input does not include an exact fixed version, so treat the advisory as authoritative for the patched release and upgrade to it. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: identify all users with high-privilege access to Workflows configuration, restrict access to essential personnel only, and conduct an immediate audit of existing Workflows for suspicious or newly added configurations. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43702
GHSA-3wvx-f68r-xmjc