SSA-436520 (Last Update: 2020-09-08): XSS and CSRF Vulnerabilities in Polarion Subversion Webclient


2020-09-08 00:00:00 UTC


Multiple cross-site scripting (XSS) vulnerabilities were found in the Subversion webclient of Polarion. In addition, the webclient doesn’t have any cross-site request forgery (CSRF) protection. An attacker could inject client-side script to induce the victim to issue an HTTP request that would lead to a state-changing operation. Siemens recommends specific countermeasures, as there are currently no fixes available.