PT-2022-12127 · Siemens · Polarion Alm+1
Published: 2022-03-08 · Updated: 2022-07-28 · CVE-2021-44478
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Polarion ALM versions prior to V21 R2 P2
Polarion WebClient for SVN (all versions)
Description
A cross-site scripting issue is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. This could allow an attacker to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges.
Recommendations
For Polarion ALM versions prior to V21 R2 P2, update to version V21 R2 P2 or later to resolve the issue.
For Polarion WebClient for SVN, there is currently no information about a newer version that contains a fix for this vulnerability.
XSS
Affected Products
Polarion ALM
Polarion WebClient for SVN