VDB
CVE-2020-15788
CVE-2020-15788
PUBLISHED
CVSS 6.099999904632568 MEDIUM
A vulnerability has been identified in Polarion Subversion Webclient (All versions). The Polarion subversion web application does not filter user input in a way that prevents Cross-Site Scripting. If a user is enticed into passing specially crafted, malicious input to the web client (e.g. by clicking on a malicious URL with embedded JavaScript), then JavaScript code can be returned and may then be executed by the user’s client. Various actions could be triggered by running malicious JavaScript code.
EPSS 0.36% · 58.3th percentile
Risk Scores
CVSS v3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.36%
58.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| siemens | polarion_subversion_webclient | |
| Siemens AG | Polarion Subversion Webclient | * |
| Siemens | N/A |
Timeline
- Sep 8, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-436520.pdf url
- https://cert-portal.siemens.com/productcert/pdf/ssa-568969.pdf advisory
- https://cert-portal.siemens.com/productcert/html/ssa-455844.html advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-251935.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-770698.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-709003.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-542525.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-15788 advisory