CVE-2019-13936

3.5LOW

Key Information:

Vendor: Siemens
Status: Polarion
Vendor: CVE Published:; 27 November 2019

Summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a persistent XSS vulnerability. This issue affects: Siemens AG Polarion All versions < 19.2.

Affected Version(s)

Polarion All versions < 19.2

References

https://xavibel.com/2019/11/25/siemens-polarion-multiple-...

x_refsource_MISC

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 27, 2019
Vulnerability Reserved
Jul 18, 2019