Siemens Climatix AWB (Advanced Web and BACnet Module, POL909) enables users of the Climatix 600 solution to connect to a BACnet IP network and implement and load customer web pages and features. Siemens Climatix AWM (Advanced Web Module, POL909) enables users of the Climatix 600 solution to implement and load customer web pages and features. The Siemens Climatix POL909 (AWM and AWB) contains a cross-site scripting vulnerability that could be exploited to send malicious JavaScript code that could hijack a user’s cookie /session token, redirect the user to a malicious web page, and perform unexpected browser actions.