SSA-436520 (Last Update: 2020-09-08): XSS and CSRF Vulnerabilities in Polarion Subversion Webclient

Published

2020-09-08 00:00:00 UTC

Summary

Multiple cross-site scripting (XSS) vulnerabilities were found in the Subversion webclient of Polarion. In addition, the webclient doesn’t have any cross-site request forgery (CSRF) protection. An attacker could inject client-side script to induce the victim to issue an HTTP request that would lead to a state-changing operation. Siemens recommends specific countermeasures as there are currently no fixes available.