PT-2024-17019 · Issuetrak · Issuetrak
Harrison Daley
·
Published
2024-12-04
·
Updated
2024-12-04
·
CVE-2024-11479
CVSS v4.0
5.1
Medium
| Vector | AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Issuetrak version 17.1
Description
A HTML Injection issue was identified that could be triggered by an authenticated user. HTML markup could be added to comments of tickets, which when submitted will render in the emails sent to all users on that ticket.
Recommendations
For Issuetrak version 17.1, consider restricting the ability to add HTML markup to comments until a fix is available. As a temporary workaround, consider validating and sanitizing user input in comments to prevent malicious HTML code from being executed. At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Issuetrak