VYPR
Medium severity5.4NVD Advisory· Published Dec 13, 2018· Updated Jun 17, 2026

CVE-2018-5411

CVE-2018-5411

Description

Pixar's Tractor software, versions 2.2 and earlier, contain a stored cross-site scripting vulnerability in the field that allows a user to add a note to an existing node. The stored information is displayed when a user requests information about the node. An attacker could insert Javascript into this note field that is then saved and displayed to the end user. An attacker might include Javascript that could execute on an authenticated user's system that could lead to website redirects, session cookie hijacking, social engineering, etc. As this is stored with the information about the node, all other authenticated users with access to this data are also vulnerable.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Pixar/Tractorllm-fuzzy2 versions
    <=2.2+ 1 more
    • (no CPE)range: <=2.2
    • (no CPE)range: 2.2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.