2569 matches found
CVE-2020-15788
A vulnerability has been identified in Polarion Subversion Webclient All versions. The Polarion subversion web application does not filter user input in a way that prevents Cross-Site Scripting. If a user is enticed into passing specially crafted, malicious input to the web client e.g. by clickin...
CVE-2020-15789
A vulnerability has been identified in Polarion Subversion Webclient (All versions). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who...
Cross site request forgery (csrf)
A vulnerability has been identified in Polarion Subversion Webclient (All versions). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who...
Cross site scripting
A vulnerability has been identified in Polarion Subversion Webclient All versions. The Polarion subversion web application does not filter user input in a way that prevents Cross-Site Scripting. If a user is enticed into passing specially crafted, malicious input to the web client e.g. by clickin...
CVE-2020-15789
CVE-2020-15789 affects Siemens Polarion Subversion Webclient (all versions). The connected documents confirm two CSRF-related issues in the web interface: a CSRF vulnerability that could trigger state-changing actions via forged requests, requiring a legitimate user to perform an authenticated ac...
CVE-2020-15788
The CVE-2020-15788 issue affects Polarion Subversion Webclient (all versions) and is a Cross-Site Scripting vulnerability caused by insufficient input filtering in the web application. Exploitation could allow an attacker to deliver JavaScript that executes in a user’s browser, potentially enabli...
jenkins-subversion-plugin: XSS in project repository base url
Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability...
Siemens Polarion Subversion Webclient Cross-Site Scripting Vulnerability
Polarion WebClient for SVN is one of several free Subversion tools provided by Polarion Software; it is an SVN client that enables Subversion users to work with SVN repositories using a web browser. A cross-site scripting vulnerability exists in Siemens Polarion Subversion Webclient. An attacker...
Siemens Polarion Subversion Webclient Cross-Site Request Forgery Vulnerability
Polarion WebClient for SVN is one of several free Subversion tools provided by Polarion Software; it is an SVN client that enables Subversion users to work with SVN repositories using a web browser. A cross-site request forgery vulnerability exists in Siemens Polarion Subversion Webclient. An...
Siemens Polarion Subversion Webclient
1. EXECUTIVE SUMMARY: CVSS v3 8.1; ATTENTION: Exploitable remotely/low skill level to exploit; Vendor: Siemens; Equipment: Polarion Subversion Webclient; Vulnerabilities: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS), Cross-site Request Forgery (CSRF). 2. RISK EVALUATION...
USVN Cross-Site Request Forgery Vulnerability
USVN is a web interface written in PHP for configuring Subversion repositories. A cross-site request forgery vulnerability exists in versions prior to USVN 1.0.10. The vulnerability stems from the lack of SameSite Strict functionality. No detailed vulnerability details are provided at this time...
USVN Arbitrary Code Execution Vulnerability
USVN is a web interface written in PHP for configuring Subversion repositories. An arbitrary code execution vulnerability exists in USVN versions prior to 1.0.10. An attacker can exploit this vulnerability to execute arbitrary code in the commit view...
Cross-site Scripting (XSS)
jenkins-subversion-plugin is vulnerable to cross-site scripting (XSS). The vulnerability exists because it does not escape the error message for the Project Repository Base URL field form validation...
Revisiting old tools
Many, many years ago I was onsite and noticed that a company's internal website had checked out their website using the subversion code versioning system. This subversion archive contained the site's web.config which has a set of credentials for SQL server, which through many steps led to domain...
CloudBees Jenkins Subversion Partial Release Manager Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Subversion Partial Release Manager Plugin is...
CVE-2020-2199
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability...