Cross-Site Scripting Vulnerability in SmarterTools SmarterTrack
CVE-2009-4995

Currently unrated

Key Information:

Vendor

Smartertools

Status
Smartertrack
Vendor
CVE Published:
25 August 2010

What is CVE-2009-4995?

An XSS vulnerability exists in the frmTickets.aspx component of SmarterTools SmarterTrack versions prior to 4.0.3504. This flaw allows remote attackers to inject arbitrary web script or HTML code via the email address field, posing a risk of unauthorized actions performed in the context of an affected user’s session. Due to the nature of the vulnerability, attackers may exploit this by crafting malicious emails that redirect users to compromise their sessions or manipulate unintended data.

References

http://secunia.com/advisories/36172
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.