PT-2025-20846 · Siemens · Polarion V2404+1

Published: 2025-05-13 · Updated: 2025-05-13 · CVE-2024-51446

CVSS v2.0: 6.5 Medium

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Polarion V2310 (all versions); Polarion V2404 versions prior to V2404.4

Description: A vulnerability has been identified in the file upload feature of the affected application, which improperly sanitizes XML files. This could allow an authenticated remote attacker to conduct a stored cross-site scripting attack by uploading specially crafted XML files that are later downloaded and viewed by other users of the application.

Recommendations: For Polarion V2310, there is currently no information about a newer version that contains a fix for this vulnerability. For Polarion V2404 versions prior to V2404.4, update to version V2404.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the file upload feature to minimize the risk of exploitation.

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-06645
CVE-2024-51446

Affected Products

Polarion V2310
Polarion V2404