Lucene search

MitreCVE-2011-5073

HistoryJan 29, 2012 - 11:55 a.m.

CVE-2011-5073

2012-01-2911:55:02

CWE-79

mitre

web.nvd.nist.gov

cve

cross-site scripting

xss

vulnerability

sit

security

injection

web

html

remote attackers

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

60.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contact_support.php; (2) contractid parameter to contract_add_service.php; (3) user parameter to edit_backup_users.php; (4) id parameter to edit_escalation_path.php; the Referer to (5) forgotpwd.php, (6) an approvalpage action to billable_incidents.php, or (7) transactions.php; (8) action parameter to inbox.php; (9) search_string parameter in a findcontact action to incident_add.php; table1 parameter to (10) report_customers.php, (11) report_incidents_by_engineer.php, (12) report_incidents_by_site.php, or (13) report_marketing.php; or the (14) startdate or (15) enddate parameter to report_incidents_by_vendor.php.

Affected configurations

Nvd

Node

sitrackersupport_incident_trackerRange≤3.64

sitrackersupport_incident_trackerMatch3.6

sitrackersupport_incident_trackerMatch3.21

sitrackersupport_incident_trackerMatch3.22

sitrackersupport_incident_trackerMatch3.22pl1

sitrackersupport_incident_trackerMatch3.23

sitrackersupport_incident_trackerMatch3.24

sitrackersupport_incident_trackerMatch3.24beta-2

sitrackersupport_incident_trackerMatch3.30

sitrackersupport_incident_trackerMatch3.30beta2

sitrackersupport_incident_trackerMatch3.31

sitrackersupport_incident_trackerMatch3.32

sitrackersupport_incident_trackerMatch3.33

sitrackersupport_incident_trackerMatch3.35

sitrackersupport_incident_trackerMatch3.35beta1

sitrackersupport_incident_trackerMatch3.36

sitrackersupport_incident_trackerMatch3.40

sitrackersupport_incident_trackerMatch3.40beta1

sitrackersupport_incident_trackerMatch3.41

sitrackersupport_incident_trackerMatch3.45

sitrackersupport_incident_trackerMatch3.45beta1

sitrackersupport_incident_trackerMatch3.50

sitrackersupport_incident_trackerMatch3.50beta1

sitrackersupport_incident_trackerMatch3.51

sitrackersupport_incident_trackerMatch3.60

sitrackersupport_incident_trackerMatch3.61

sitrackersupport_incident_trackerMatch3.62

sitrackersupport_incident_trackerMatch3.63

sitrackersupport_incident_trackerMatch3.63beta1

VendorProductVersionCPE
sitrackersupport_incident_tracker*cpe:2.3:a:sitracker:support_incident_tracker:*:*:*:*:*:*:*:*
sitrackersupport_incident_tracker3.6cpe:2.3:a:sitracker:support_incident_tracker:3.6:*:*:*:*:*:*:*
sitrackersupport_incident_tracker3.21cpe:2.3:a:sitracker:support_incident_tracker:3.21:*:*:*:*:*:*:*
sitrackersupport_incident_tracker3.22cpe:2.3:a:sitracker:support_incident_tracker:3.22:*:*:*:*:*:*:*
sitrackersupport_incident_tracker3.22pl1cpe:2.3:a:sitracker:support_incident_tracker:3.22pl1:*:*:*:*:*:*:*
sitrackersupport_incident_tracker3.23cpe:2.3:a:sitracker:support_incident_tracker:3.23:*:*:*:*:*:*:*
sitrackersupport_incident_tracker3.24cpe:2.3:a:sitracker:support_incident_tracker:3.24:*:*:*:*:*:*:*
sitrackersupport_incident_tracker3.24cpe:2.3:a:sitracker:support_incident_tracker:3.24:beta-2:*:*:*:*:*:*
sitrackersupport_incident_tracker3.30cpe:2.3:a:sitracker:support_incident_tracker:3.30:*:*:*:*:*:*:*
sitrackersupport_incident_tracker3.30cpe:2.3:a:sitracker:support_incident_tracker:3.30:beta2:*:*:*:*:*:*

Vendor	Product	Version	CPE
sitracker	support_incident_tracker	*	cpe:2.3:a:sitracker:support_incident_tracker::::::::
sitracker	support_incident_tracker	3.6	cpe:2.3:a:sitracker:support_incident_tracker:3.6:::::::*
sitracker	support_incident_tracker	3.21	cpe:2.3:a:sitracker:support_incident_tracker:3.21:::::::*
sitracker	support_incident_tracker	3.22	cpe:2.3:a:sitracker:support_incident_tracker:3.22:::::::*
sitracker	support_incident_tracker	3.22pl1	cpe:2.3:a:sitracker:support_incident_tracker:3.22pl1:::::::*
sitracker	support_incident_tracker	3.23	cpe:2.3:a:sitracker:support_incident_tracker:3.23:::::::*
sitracker	support_incident_tracker	3.24	cpe:2.3:a:sitracker:support_incident_tracker:3.24:::::::*
sitracker	support_incident_tracker	3.24	cpe:2.3:a:sitracker:support_incident_tracker:3.24:beta-2::::::
sitracker	support_incident_tracker	3.30	cpe:2.3:a:sitracker:support_incident_tracker:3.30:::::::*
sitracker	support_incident_tracker	3.30	cpe:2.3:a:sitracker:support_incident_tracker:3.30:beta2::::::