Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2011-5073
Last Modified 02 Feb 2012 12:00:00
Published 29 Jan 2012 06:55:02
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-5073

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contact_support.php; (2) contractid parameter to contract_add_service.php; (3) user parameter to edit_backup_users.php; (4) id parameter to edit_escalation_path.php; the Referer to (5) forgotpwd.php, (6) an approvalpage action to billable_incidents.php, or (7) transactions.php; (8) action parameter to inbox.php; (9) search_string parameter in a findcontact action to incident_add.php; table1 parameter to (10) report_customers.php, (11) report_incidents_by_engineer.php, (12) report_incidents_by_site.php, or (13) report_marketing.php; or the (14) startdate or (15) enddate parameter to report_incidents_by_vendor.php.

Vulnerable Systems

Application

  • Sitracker Support Incident Tracker 3.21

  • Sitracker Support Incident Tracker 3.22

  • Sitracker Support Incident Tracker 3.22pl1

  • Sitracker Support Incident Tracker 3.23

  • Sitracker Support Incident Tracker 3.24

  • Sitracker Support Incident Tracker 3.30

  • Sitracker Support Incident Tracker 3.31

  • Sitracker Support Incident Tracker 3.32

  • Sitracker Support Incident Tracker 3.33

  • Sitracker Support Incident Tracker 3.35

  • Sitracker Support Incident Tracker 3.36

  • Sitracker Support Incident Tracker 3.40

  • Sitracker Support Incident Tracker 3.41

  • Sitracker Support Incident Tracker 3.45

  • Sitracker Support Incident Tracker 3.50

  • Sitracker Support Incident Tracker 3.51

  • Sitracker Support Incident Tracker 3.6

  • Sitracker Support Incident Tracker 3.60

  • Sitracker Support Incident Tracker 3.61

  • Sitracker Support Incident Tracker 3.62

  • Sitracker Support Incident Tracker 3.63

  • Sitracker Support Incident Tracker 3.64


References

MISC - https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html

BUGTRAQ - 20110914 Multiple vulnerabilities in SiT! Support Incident Tracker

CONFIRM - http://sitracker.org/wiki/ReleaseNotes365

SECUNIA - 46019


Last Updated: 27 May 2016 10:56:27