Primary

Context

PcVue Missing Secure and SameSite Cookie Attributes Vulnerability

Vulnerability

Patched

A vulnerability exists in the GraphicalData web services and WebClient web application of PcVue, specifically in versions 12.0.0 through 16.3.3. The issue arises from the absence of Secure and SameSite attributes in cookies, which can lead to potential security risks such as cross-site scripting or cross-site request forgery.

Impact

The lack of Secure and SameSite attributes in cookies can expose users to cross-site scripting (XSS) or cross-site request forgery (CSRF) attacks, allowing malicious actors to manipulate user sessions or inject harmful scripts.

Remediation

Users can upgrade to PcVue version 16.3.4 to address this vulnerability. For PcVue 15 users, version 15.2.14 is available.

Added: Feb 26, 2026, 10:34 AM

Updated: Feb 26, 2026, 10:34 AM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

5.6

remediation

7.7

relevance

3.2

threat

0.0

urgency

0.0

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

5.6

remediation

7.7

relevance

3.2

threat

0.0

urgency

0.0

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PcVue Missing Secure and SameSite Cookie Attributes Vulnerability

Vulnerability

Impact

Remediation

Affected Products

PcVue

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating