Summary
| Detail | |||
|---|---|---|---|
| Vendor | Smartertools | First view | 2010-08-25 |
| Product | Smartertrack | Last view | 2022-03-14 |
| Version | 3.5.3167 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:smartertools:smartertrack | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.2 | 2022-03-14 | CVE-2022-24387 | With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010 |
| 5.4 | 2022-03-14 | CVE-2022-24386 | Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. |
| 6.5 | 2022-03-14 | CVE-2022-24385 | A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. |
| 6.1 | 2022-03-14 | CVE-2022-24384 | Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. |
| 4.3 | 2010-08-25 | CVE-2009-4995 | Cross-site scripting (XSS) vulnerability in frmTickets.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the email address field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.3 | 2010-08-25 | CVE-2009-4994 | Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 66% (4) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 16% (1) | CWE-434 | Unrestricted Upload of File with Dangerous Type |
| 16% (1) | CWE-425 | Direct Request ('Forced Browsing') |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 56792 | SmarterTrack frmTickets.aspx email address Parameter XSS |
| 56791 | SmarterTrack frmKBSearch.aspx search Parameter XSS |
OpenVAS Exploits
| id | Description |
|---|---|
| 2010-09-15 | Name : SmarterTools SmarterTrack Cross-Site Scripting Vulnerabilities File : nvt/gb_smartertrack_mult_xss_vuln.nasl |
