CVE-2020-15788

6.1MEDIUM

Key Information:

Vendor: Siemens
Status: Polarion Subversion Webclient
Vendor: CVE Published:; 9 September 2020

Summary

A vulnerability has been identified in Polarion Subversion Webclient (All versions). The Polarion subversion web application does not filter user input in a way that prevents Cross-Site Scripting. If a user is enticed into passing specially crafted, malicious input to the web client (e.g. by clicking on a malicious URL with embedded JavaScript), then JavaScript code can be returned and may then be executed by the user’s client. Various actions could be triggered by running malicious JavaScript code.

Affected Version(s)

Polarion Subversion Webclient All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-43652...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 9, 2020
Vulnerability Reserved
Jul 15, 2020