4.3
CVE-2011-5073
- EPSS 0.51%
- Veröffentlicht 29.01.2012 11:55:02
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMultiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contact_support.php; (2) contractid parameter to contract_add_service.php; (3) user parameter to edit_backup_users.php; (4) id parameter to edit_escalation_path.php; the Referer to (5) forgotpwd.php, (6) an approvalpage action to billable_incidents.php, or (7) transactions.php; (8) action parameter to inbox.php; (9) search_string parameter in a findcontact action to incident_add.php; table1 parameter to (10) report_customers.php, (11) report_incidents_by_engineer.php, (12) report_incidents_by_site.php, or (13) report_marketing.php; or the (14) startdate or (15) enddate parameter to report_incidents_by_vendor.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sitracker ≫ Support Incident Tracker Version <= 3.64
Sitracker ≫ Support Incident Tracker Version3.6
Sitracker ≫ Support Incident Tracker Version3.21
Sitracker ≫ Support Incident Tracker Version3.22
Sitracker ≫ Support Incident Tracker Version3.22pl1
Sitracker ≫ Support Incident Tracker Version3.23
Sitracker ≫ Support Incident Tracker Version3.24
Sitracker ≫ Support Incident Tracker Version3.24 Updatebeta-2
Sitracker ≫ Support Incident Tracker Version3.30
Sitracker ≫ Support Incident Tracker Version3.30 Updatebeta2
Sitracker ≫ Support Incident Tracker Version3.31
Sitracker ≫ Support Incident Tracker Version3.32
Sitracker ≫ Support Incident Tracker Version3.33
Sitracker ≫ Support Incident Tracker Version3.35
Sitracker ≫ Support Incident Tracker Version3.35 Updatebeta1
Sitracker ≫ Support Incident Tracker Version3.36
Sitracker ≫ Support Incident Tracker Version3.40
Sitracker ≫ Support Incident Tracker Version3.40 Updatebeta1
Sitracker ≫ Support Incident Tracker Version3.41
Sitracker ≫ Support Incident Tracker Version3.45
Sitracker ≫ Support Incident Tracker Version3.45 Updatebeta1
Sitracker ≫ Support Incident Tracker Version3.50
Sitracker ≫ Support Incident Tracker Version3.50 Updatebeta1
Sitracker ≫ Support Incident Tracker Version3.51
Sitracker ≫ Support Incident Tracker Version3.60
Sitracker ≫ Support Incident Tracker Version3.61
Sitracker ≫ Support Incident Tracker Version3.62
Sitracker ≫ Support Incident Tracker Version3.63
Sitracker ≫ Support Incident Tracker Version3.63 Updatebeta1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.51% | 0.66 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.