Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 13/12/2018 Updated: 09/10/2019

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Pixar's Tractor software, versions 2.2 and previous versions, contain a stored cross-site scripting vulnerability in the field that allows a user to add a note to an existing node. The stored information is displayed when a user requests information about the node. An attacker could insert Javascript into this note field that is then saved and displayed to the end user. An attacker might include Javascript that could execute on an authenticated user's system that could lead to website redirects, session cookie hijacking, social engineering, etc. As this is stored with the information about the node, all other authenticated users with access to this data are also vulnerable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pixar tractor

CWE-79 https://www.kb.cert.org/vuls/id/756913/http://www.securityfocus.com/bid/106209 https://nvd.nist.gov https://www.kb.cert.org/vuls/id/756913

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-5411

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect