Cross-Site Scripting Vulnerability in Polarion Subversion Webclient by Siemens
CVE-2020-15788

6.1MEDIUM

Key Information:

Vendor: Siemens
Status: Polarion Subversion Webclient
Vendor: CVE Published:; 9 September 2020

Summary

A vulnerability in the Polarion Subversion Webclient allows for Cross-Site Scripting attacks due to inadequate input filtering. Attackers can craft malicious URLs that, when clicked by unsuspecting users, could trigger the execution of harmful JavaScript code in the user's browser. This could lead to a variety of unauthorized actions being performed unknowingly by the victim. Users and administrators must take precautions to mitigate this risk by ensuring that their applications are up-to-date and implementing proper input validation measures.

Affected Version(s)

Polarion Subversion Webclient All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-43652...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 9, 2020
Vulnerability Reserved
Jul 15, 2020