Headline
CVE-2021-44478
A vulnerability has been identified in Polarion ALM (All versions < V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting vulnerability is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges.