Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2011-5070
Last Modified 30 Jan 2012 12:00:00
Published 28 Jan 2012 11:04:44
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-5070

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary web script or HTML via (1) the file name to incident_attachments.php; (2) unspecified vectors in link_add.php, possibly involving origref, linkref, linktype parameters, which are not properly handled in the clean_int function in lib/base.inc.php, or the redirect parameter, which is not properly handled in the html_redirect function in lib/html.inc.php; and (3) unspecified vectors in translate.php.

Vulnerable Systems

Application

  • Sitracker Support Incident Tracker 3.65


References

CERT-VN - VU#576355

XF - sit-multiple-xss(71652)

BID - 50896

OSVDB - 77656

OSVDB - 77655

OSVDB - 77654

SECUNIA - 45437


Last Updated: 27 May 2016 10:57:24