Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
PcVue OAuth Error Page Allows Remote Code Injection
CVE-2026-1695
Summary
A security flaw in PcVue's OAuth error page could allow an attacker to trick users into visiting a malicious website. This only affects certain features of PcVue, including WebVue, WebScheduler, TouchVue, and SnapVue, and can be mitigated by updating to a patched version.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| arcinformatique | pcvue | > 12.0.0 , <= 15.2.13 | – |
| arcinformatique | pcvue | > 16.0.0 , <= 16.3.4 | – |
Original title
An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attac...
Original description
An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to trick a legitimate user into loading content from another site upon unsuccessful user authentication on an unknown application (unknown client_id).
This vulnerability only affects the error page of the OAuth server.
This vulnerability only affects the error page of the OAuth server.
nvd CVSS4.0
5.3
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 26 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026