Vulnerability Description
Pixar's Tractor software, versions 2.2 and earlier, contains a stored cross-site scripting vulnerability in the field that allows a user to add a note to an existing node. The stored information is displayed when a user requests information about the node. An attacker could insert JavaScript into this note field, which is then saved and displayed to the end user. That JavaScript could execute on an authenticated user's system and could lead to website redirects, session cookie hijacking, social engineering, etc. Because the note is stored with the information about the node, all other authenticated users with access to this data are also vulnerable.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pixar | Tractor | <= 2.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106209 (Third Party Advisory, VDB Entry)
- https://www.kb.cert.org/vuls/id/756913/ (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2018-5411?
CVE-2018-5411 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Pixar's Tractor software, versions 2.2 and earlier, contains a stored cross-site scripting vulnerability in the field that allows a user to add a note to an existing node. The stored information is dis...
How severe is CVE-2018-5411?
CVE-2018-5411 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-5411?
Check the references section above for vendor advisories and patch information. Affected products include: Pixar Tractor.