
VU#756913: Pixar's Tractor contains a stored cross-site scripting vulnerability

CWE-79: Improper Neutralization of Input During Web Page Generation – CVE-2018-5411

Pixar's Tractor software, versions 2.2 and earlier, contains a stored cross-site scripting vulnerability in the field that allows a user to add a note to an existing node. The stored information is displayed when a user requests information about the node. An attacker could insert JavaScript into this note field that is then saved and displayed to the end user.
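The pattern described above, shown as an added example that is not Tractor's code: a note is stored verbatim, then rendered into the node view once without output encoding and once with it. The function names, the in-memory store and the sample notes are all hypothetical and constructed for illustration.

```javascript
// Added illustration of the stored-XSS pattern; not Tractor source code.
// All names and data below are hypothetical.
const notes = new Map(); // nodeId -> array of note strings, stored verbatim

function addNote(nodeId, text) {
  if (!notes.has(nodeId)) notes.set(nodeId, []);
  notes.get(nodeId).push(text);
}

// Vulnerable pattern: the stored note is concatenated into markup as-is,
// so any markup in the note becomes part of the page every viewer receives.
function renderNodeUnsafe(nodeId) {
  const items = (notes.get(nodeId) || []).map((n) => `<li>${n}</li>`);
  return `<ul class="notes">${items.join("")}</ul>`;
}

// Hardened pattern: encode at output time, in the HTML text context.
// A single-pass replace avoids double-encoding the "&" of earlier entities.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function renderNodeSafe(nodeId) {
  const items = (notes.get(nodeId) || []).map((n) => `<li>${escapeHtml(n)}</li>`);
  return `<ul class="notes">${items.join("")}</ul>`;
}

// Constructed sample notes: one ordinary, one carrying markup.
addNote("node-1", "disk replaced, back in rotation");
addNote("node-1", '<script>alert("note")</script>');

console.log(renderNodeUnsafe("node-1")); // markup from the note reaches the page
console.log(renderNodeSafe("node-1"));   // the same note is shown as inert text
```

Encoding at render time protects notes that were already stored before the fix, which input filtering alone would not.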
