Cross-site Scripting Vulnerability in Siemens Polarion Webclient
CVE-2019-13936

3.5LOW

Key Information:

Vendor: Siemens
Status: Polarion
Vendor: CVE Published:; 27 November 2019

Summary

The vulnerability in Siemens AG Polarion's webclient stems from improper input sanitization during web page generation. This flaw enables an attacker to execute malicious scripts in the context of users accessing the site, potentially leading to persistent cross-site scripting attacks. All versions of Polarion prior to 19.2 are susceptible, emphasizing the need for adherent security practices and timely updates to protect against exploitation.

Affected Version(s)

Polarion All versions < 19.2

References

https://xavibel.com/2019/11/25/siemens-polarion-multiple-...

x_refsource_MISC

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 27, 2019
Vulnerability Reserved
Jul 18, 2019