Primary

Context

PcVue Web Services Origin Validation Vulnerability in WebSockets

Vulnerability

Patched

A vulnerability in WebSockets due to missing origin validation affects the GraphicalData web services used by PcVue's WebVue, WebScheduler, TouchVue, and SnapVue features. This vulnerability is present in PcVue versions 12.0.0 through 16.3.3. It may allow a remote attacker to lure a successfully authenticated user to a malicious website. The issue only impacts the GraphicalData/js/signalR/connect and GraphicalData/js/signalR/reconnect endpoints.

Impact

Exploitation of this vulnerability could lead to a cross-site scripting (XSS) attack, allowing the attacker to execute malicious scripts in the context of the user's session.

Remediation

Users can update to PcVue version 16.3.4 or PcVue 15.2.14 to address this vulnerability.

Added: Feb 26, 2026, 10:46 AM

Updated: Feb 26, 2026, 10:46 AM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

1.7

exploitability

5.4

remediation

7.7

relevance

3.2

threat

0.0

urgency

0.0

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

1.7

exploitability

5.4

remediation

7.7

relevance

3.2

threat

0.0

urgency

0.0

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PcVue Web Services Origin Validation Vulnerability in WebSockets

Vulnerability

Impact

Remediation

Affected Products

PcVue

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating