SmarterTools SmarterTrack Cross-Site Scripting Vulnerabilities Network Vulnerability

Summary

This host is running SmarterTools SmarterTrack and is prone Cross-site scripting vulnerabilities.

Impact

Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact Level: Application.

Solution

Upgrade to SmarterTools SmarterTrack version 4.0.3504. For updates refer to http://www.smartertools.com/smartertrack/help-desk-download.aspx

Insight

The flaws are due to the input passed to the 'search' parameter in 'frmKBSearch.aspx' and email address to 'frmTickets.aspx' is not properly sanitised before being returned to the user.

Affected

SmarterTools SmarterTrack version prior to 4.0.3504

References

http://holisticinfosec.org/content/view/123/45/
http://secunia.com/advisories/36172
http://xforce.iss.net/xforce/xfdb/52305

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4994, CVE-2009-4995

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
Apache Tomcat SecurityConstraints Security Bypass Vulnerability
AlienForm CGI script
Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
Apple Safari Multiple Vulnerabilities

Take action and discover your vulnerabilities