A HTML Injection vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. HTML markup could be added to comments of tickets, which when submitted will render in the emails sent to all users on that ticket.
History

Wed, 04 Dec 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 04 Dec 2024 00:45:00 +0000

Type Values Removed Values Added
Description A HTML Injection vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. HTML markup could be added to comments of tickets, which when submitted will render in the emails sent to all users on that ticket.
Title Authenticated HTML Injection in Issuetrak Ticket Comment Function
Weaknesses CWE-79
CWE-80
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Gridware

Published: 2024-12-04T00:23:39.944Z

Updated: 2024-12-04T14:49:43.102Z

Reserved: 2024-11-20T01:12:58.326Z

Link: CVE-2024-11479

cve-icon Vulnrichment

Updated: 2024-12-04T14:49:34.599Z

cve-icon NVD

Status : Received

Published: 2024-12-04T01:15:04.650

Modified: 2024-12-04T01:15:04.650

Link: CVE-2024-11479

cve-icon Redhat

No data.