High severity7.6NVD Advisory· Published Feb 10, 2026· Updated Apr 15, 2026
CVE-2025-40587
CVE-2025-40587
Description
A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), Polarion V2410 (All versions < V2410.2). The affected application allows arbitrary JavaScript code be included in document titles. This could allow an authenticated remote attacker to conduct a stored cross-site scripting attack by creating specially crafted document titles that are later viewed by other users of the application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: V2404 < V2404.5, V2410 < V2410.2
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.