BugTracker.NET Cross-Site Scripting and SQL Injection Vulnerabilities

Summary
The host is running BugTracker.NET and is prone to cross-site scripting and SQL injection vulnerabilities.
Impact
Successful exploitation will allow attacker to cause SQL Injection attack and to conduct cross-site scripting attacks. Impact Level: Application
Solution
Upgrade to BugTracker.NET version 3.4.5 or later, For updates refer to http://www.ifdefined.com/bugtrackernet_download.html
Insight
The flaws are due to: - Input passed to the 'pcd' parameter in edit_bug.aspx, 'bug_id' parameter in edit_comment.aspx, 'default_name' parameter in edit_customfield.aspx, and 'id' parameter in edit_user_permissions2.aspx is not properly sanitised before being returned to the user. - Input passed via the 'qu_id' parameter to bugs.aspx, 'row_id' parameter to delete_query.aspx, 'us_id' and 'new_project' parameters to edit_bug.aspx, and 'bug_list' parameter to massedit.aspx is not properly sanitised before being used in a SQL query.
Affected
BugTracker.NET version prior to 3.4.5
References