CVE-2018-5411

CVE-2018-5411: Pixar's Tractor software, versions 2.2 and earlier, contains a stored cross-site scripting vulnerability

Vendor Pixar

Product Tractor

Weakness CWE-79 · XSS

Published December 13, 2018

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Pixar's Tractor software, versions 2.2 and earlier, contain a stored cross-site scripting vulnerability in the field that allows a user to add a note to an existing node. The stored information is displayed when a user requests information about the node. An attacker could insert Javascript into this note field that is then saved and displayed to the end user. An attacker might include Javascript that could execute on an authenticated user's system that could lead to website redirects, session cookie hijacking, social engineering, etc. As this is stored with the information about the node, all other authenticated users with access to this data are also vulnerable.

Key dates

02Disclosure timeline

December 13, 2018 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-5411 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2018-5411: Pixar's Tractor software, versions 2.2 and earlier, contains a stored cross-site scripting vulnerability

01Description

02Disclosure timeline

03References

04Related CVE