PT-2026-7250 · Siemens · Polarion
Published 2026-02-10 · Updated 2026-02-12 · CVE-2025-40587
CVSS v3.1: 7.6 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Polarion versions prior to 2404.5
Polarion versions prior to 2410.2
Description
The application allows arbitrary JavaScript code to be included in document titles. An authenticated remote attacker could use this to conduct a stored cross-site scripting attack by creating specially crafted document titles that are later viewed by other users of the application.
Recommendations
Update Polarion to version 2404.5 or later.
Update Polarion to version 2410.2 or later.
Fix
XSS
Affected Products
Polarion