Siemens Polarion
Summary
Siemens Polarion versions before V2506 contain a stored cross-site scripting (XSS) vulnerability (CVE-2025-40587) caused by improper neutralization of input in document titles. A remote attacker with an authenticated account can craft a document title containing JavaScript that is later executed in the browser sessions of other users who view the affected title. Siemens has released updates (V2404.5, V2410.2 and later) that fix the issue and recommends that users upgrade.
IFF Assessment
Because the injected script is stored in a document title and executes in other users' sessions, an attacker whose account can set document titles can act with the privileges of any user who views that title: read or modify data that user can access, or perform actions in Polarion on their behalf. Exploitation requires an authenticated account, so the exposure is primarily from insiders or already compromised credentials.
Severity
Defender Context
Siemens Polarion is an application lifecycle management (ALM) system. This vulnerability allows an authenticated attacker to execute arbitrary JavaScript in another user's browser session. Defenders should apply the vendor-provided updates promptly. Until the update is deployed, review existing document titles, and the document history for title changes, for HTML tags, event-handler attributes (such as onerror=) or javascript: URIs, since these have no legitimate place in a title and indicate an injection attempt.
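As an added example (not Siemens' code and not a Polarion API), the check below scans a list of document titles for the markers a defender would look for, and shows what proper neutralization of a title looks like when it is rendered into HTML. The sample titles are constructed for this page; in practice they would come from an export or a database query of the title field.

```python
import html
import re

# Heuristic patterns that have no business in a document title. These are
# generic XSS indicators written for this example, not a Polarion-specific signature.
_PATTERNS = {
    "html_tag": re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>"),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE),
    "script_scheme": re.compile(r"(?:javascript|vbscript)\s*:", re.IGNORECASE),
}


def suspicious_title(title):
    """Return the names of the indicator patterns found in a title.

    The title is also checked after HTML-entity decoding, so an
    entity-encoded payload (&lt;script&gt;) is not missed.
    """
    decoded = html.unescape(title)
    findings = []
    for name, pattern in _PATTERNS.items():
        if pattern.search(title) or pattern.search(decoded):
            findings.append(name)
    return findings


def neutralize_title(title):
    """Escape a title for safe insertion into HTML text or an attribute value.

    This is the kind of output encoding the advisory's 'improper
    neutralization' refers to: <, >, &, " and ' become entities so the
    browser treats the title as text rather than markup.
    """
    return html.escape(title, quote=True)


def scan_titles(titles):
    """Map each flagged title to its findings; clean titles are omitted."""
    report = {}
    for title in titles:
        findings = suspicious_title(title)
        if findings:
            report[title] = findings
    return report


# Constructed sample titles for this example; one benign, the rest hostile.
SAMPLE_TITLES = [
    "Requirements Specification v2.1",
    "<img src=x onerror=alert(document.cookie)>",
    "&lt;script&gt;alert(1)&lt;/script&gt;",
    "Login review: javascript:void(0)",
]

if __name__ == "__main__":
    for title, findings in scan_titles(SAMPLE_TITLES).items():
        print(f"{findings}: {title!r} -> rendered safely as {neutralize_title(title)!r}")
```

Treat every hit as something to inspect by hand: a title such as "Release notes <b>2024</b>" is flagged as an html_tag but may simply be a user pasting formatting, whereas an event-handler attribute or a javascript: URI in a title is an injection attempt.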