CVE-2024-51446 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-51446 PUBLISHED CVSS 6.5 MEDIUM

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The file upload feature of the affected application improperly sanitizes xml files. This could allow an authenticated remote attacker to conduct a stored cross-site scripting attack by uploading specially crafted xml files that are later downloaded and viewed by other users of the application.

EPSS 0.11% · 28.8th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

EPSS Score

0.11%

28.8th percentile

Affected Products

Vendor	Product	Versions
Siemens	Polarion V2310	0
Siemens	Polarion V2404	0
siemens	polarion_alm	2404.0, 2310.0

Timeline

May 13, 2025 EPSS Score
May 13, 2025 Coalition ESS Score
May 13, 2025 CVE Published
May 13, 2025 CVE Updated
May 15, 2025 PoC Published
May 24, 2025 EPSS Score
Jun 4, 2025 EPSS Score
Jun 15, 2025 EPSS Score
Jun 26, 2025 EPSS Score
Jul 6, 2025 EPSS Score
Jul 17, 2025 EPSS Score
Jul 28, 2025 EPSS Score

References

Open in Interactive Console →