N/A

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The file upload feature of the affected application improperly sanitizes xml files. This could allow an authenticated remote attacker to conduct a stored cross-site scripting attack by uploading specially crafted xml files that are later downloaded and viewed by other users of the application.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Siemens Polarion 跨站脚本漏洞

Siemens Polarion是德国西门子（Siemens）公司的一套应用程序生命周期管理软件。该软件支持在统一、模块化、基于浏览器的软件环境上进行端到端的企业级应用程序开发。 Siemens Polarion存在跨站脚本漏洞，该漏洞源于文件上传功能清理不当，可能导致存储型跨站脚本攻击。

N/A

N/A