CNNVD-202602-1652 Information
CNNVD ID
CNNVD-202602-1652
Related CVE
- CNNVD Published: 2026-02-10
Description (Chinese)
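Siemens Polarion is an application lifecycle management software suite from Siemens of Germany. The software supports end-to-end, enterprise-grade application development in a unified, modular, browser-based software environment. Siemens Polarion V2404 versions before V2404.5 and Siemens Polarion V2410 versions before V2410.2 contain a cross-site scripting vulnerability. The vulnerability stems from allowing arbitrary JavaScript code to be included in document titles, which may lead to stored cross-site scripting attacks.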
Description (English)
Siemens Polarion is an application lifecycle management product from Siemens (Germany). It supports end-to-end enterprise application development in a unified, modular, browser-based software environment. Siemens Polarion V2404 before V2404.5 and Siemens Polarion V2410 before V2410.2 have a cross-site scripting vulnerability: arbitrary JavaScript code can be included in a document title, which could result in a stored cross-site scripting attack.
Hazard Level
Medium
Vulnerability Type
Cross-site scripting
Affected Vendor
Siemens
Published
2026-02-10
Last Modified
2026-02-24
References
https://cert-portal.siemens.com/productcert/html/ssa-035571.html
https://access.redhat.com/security/cve/cve-2025-40587
Patch
https://cert-portal.siemens.com/productcert/html/ssa-035571.html