CVE-2018-5411
Pixar’s Tractor software, version 2.2 and earlier, contains a stored cross-site scripting (XSS) vulnerability in the note field of a node. The attacker can inject JavaScript into the note, which is saved and later displayed to authenticated users, potentially enabling redirects, session cookie hi...