Siemens Spectrum Power was found to be prone to cross site scripting vulnerability . This was caused because the user supplied inputs were not properly sanitised. Attackers can easily exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the  context of the affected site. They can also steam cookie -based authentication credentials . This could also be used to launch other attacks.

CVE-2019-10933

Affected versions :-

Siemens Spectrum Power 7 2.20
Siemens Spectrum Power 5 5.50
Siemens Spectrum Power 4 4.75
Siemens Spectrum Power 3 3.11