Pixar Tractor CVE-2018-5411 HTML Injection Vulnerability

Pixar Tractor is prone to an unspecified HTML-injection vulnerability.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.

Information

Bugtraq ID: 106209
Class: Input Validation Error
CVE: CVE-2018-5411

Remote: Yes
Local: No
Published: Dec 13 2018 12:00AM
Updated: Dec 13 2018 12:00AM
Credit: Unknown
Vulnerable: Pixar Tractor 2.2

Not Vulnerable: Pixar Tractor 2.3 Build 1923604

Exploit

Attackers can exploit this issue using browser.

References:

Tractor Product page (Pixar)
VU#756913: Pixars Tractor contains a stored cross-site scripting v (CERT)

Source: www.securityfocus.com

Exploit Collector

Search Exploit