VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2009-4994

smartertrack: Cross-site scripting (XSS) vulnerability in frmKBSe...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4994

Original

Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-08-25

Source Information Category:

Advisory, Alert

Last Updated:

2010-08-26

Affected Product Tags

cpe:/a:smartertools:smartertrack:3.0.3040

cpe:/a:smartertools:smartertrack:3.1.3050

cpe:/a:smartertools:smartertrack:3.1.3089

cpe:/a:smartertools:smartertrack:3.5.3126

cpe:/a:smartertools:smartertrack:3.5.3159

cpe:/a:smartertools:smartertrack:3.5.3167

cpe:/a:smartertools:smartertrack:3.6.3216

cpe:/a:smartertools:smartertrack:3.6.3217

cpe:/a:smartertools:smartertrack:3.6.3229

cpe:/a:smartertools:smartertrack:3.6.3246

cpe:/a:smartertools:smartertrack:3.6.3267

cpe:/a:smartertools:smartertrack:3.6.3274

cpe:/a:smartertools:smartertrack:3.6.3309

cpe:/a:smartertools:smartertrack:3.6.3355

cpe:/a:smartertools:smartertrack:3.6.3411

cpe:/a:smartertools:smartertrack:3.6.3413

cpe:/a:smartertools:smartertrack:4.0.3387

cpe:/a:smartertools:smartertrack:4.0.3399

cpe:/a:smartertools:smartertrack:4.0.3411

cpe:/a:smartertools:smartertrack:4.0.3413

cpe:/a:smartertools:smartertrack:4.0.3435

cpe:/a:smartertools:smartertrack:4.0.3483 and previous versions

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

CONFIRM http://www.smartertools.com/SmarterTrack/ReleaseNotes.aspx

MISC http://holisticinfosec.org/content/view/123/45/

SECUNIA 36172

Vulnerability Type Cross-Site Scripting (XSS) (CWE-79)