CVE-2018-5411
CVE-2018-5411 is a vulnerability of currently unknown severity. Pixar's Tractor software, versions 2.2 and earlier, contains a stored cross-site scripting vulnerability in the field that allows a user to add a note to an existing node. The stored information is displayed when a user requests information about the node. EPSS estimates a 0.79% chance of exploitation in the next 30 days.
Description
Pixar's Tractor software, versions 2.2 and earlier, contains a stored cross-site scripting vulnerability in the field that allows a user to add a note to an existing node. The stored information is displayed when a user requests information about the node. An attacker could insert JavaScript into this note field that is then saved and displayed to the end user. That JavaScript could execute on an authenticated user's system and lead to website redirects, session cookie hijacking, social engineering, etc. Because the note is stored with the information about the node, all other authenticated users with access to this data are also vulnerable.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Pixar | Tractor | <= 2.2 |
References
- http://www.securityfocus.com/bid/106209 (Third Party Advisory, VDB Entry)
- https://www.kb.cert.org/vuls/id/756913/ (Third Party Advisory, US Government Resource)
Timeline
- Status: Modified
Source: NVD / NIST
