The Subversion Webclient in Polarion ALM contains a cross-site scripting vulnerability, that could be triggered by an attacker by sending crafted links to an administrator user of Polarion ALM.
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens’ operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
An additional classification has been performed using the CWE classification, a community-developed list of common software security weaknesses. This serves as a common language and as a baseline for weakness identification, mitigation, and prevention efforts. A detailed list of CWE classes can be found at: https://cwe.mitre.org/.
A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product.