A vulnerability has been identified in Polarion Subversion Webclient (All versions). The Polarion subversion web application does not filter user input in a way that prevents Cross-Site Scripting. If a user is enticed into passing specially crafted, malicious input to the web client (e.g. by clicking on a malicious URL with embedded JavaScript), then JavaScript code can be returned and may then be executed by the user’s client. Various actions could be triggered by running malicious JavaScript code.
