XSS in Arcinfo Pcvue

CVE-2026-1696

Some HTTP security headers are not properly set by the web server when sending responses to the client application.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (12.7th percentile) — read the EPSS interpretation.

Affected products

Arcinfo Pcvue — versions 16.0.0, 15.0.0, 12.0.0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

www.pcvue.com/security/ (vendor-advisory)