CVE-2024-11479: Authenticated HTML Injection in Issuetrak Ticket Comment Function

5.1 CVSS

Description

An HTML injection vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. HTML markup could be added to ticket comments and, once a comment was submitted, would render in the emails sent to all users on that ticket.

Classification

CVE ID: CVE-2024-11479

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.1

Affected Products

Vendor: Issuetrak

Product: Issuetrak

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://helpcenter.issuetrak.com/home/2340-issuetrak-release-notes

Timeline