Primary

Context

Siemens Polarion Cross-Site Scripting Vulnerability

Vulnerability

Patched

A stored cross-site scripting vulnerability has been identified in Siemens Polarion versions 2404 (prior to 2404.5) and 2410 (prior to 2410.2). The issue arises because the application allows arbitrary JavaScript to be included in document titles. An authenticated remote attacker could exploit this by creating specially crafted document titles that, when viewed by other users, execute the embedded JavaScript.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected JavaScript is executed in the context of the user viewing the document.

Remediation

Users are advised to update to Polarion version 2404.5 or later, or version 2410.2 or later. Additional information can be found on the Siemens support website.

Added: Feb 10, 2026, 11:06 AM

Updated: Feb 10, 2026, 3:37 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

1.7

exploitability

5.0

remediation

7.7

relevance

2.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

1.7

exploitability

5.0

remediation

7.7

relevance

2.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Siemens Polarion Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Siemens Polarion

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating