VU#756913: Pixar Tractor contains a stored cross-site scripting vulnerability

Vulnerability Note: VU#756913: Pixar Tractor contains a stored cross-site scripting vulnerability

Published:

Description: Pixar’s Tractor software,versions 2.2 and earlier,contain a stored cross-site scripting vulnerability(CWE-79)in the field that allows a user to add a note to an existing node. The stored information is displayed when a user requests information about the node. An attacker could insert JavaScript into this note field that is then saved and displayed to the end user.

Source: CERT.ORG

 

Tags