CVE-2011-5070

Current Description

Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary web script or HTML via (1) the file name to incident_attachments.php; (2) unspecified vectors in link_add.php, possibly involving origref, linkref, linktype parameters, which are not properly handled in the clean_int function in lib/base.inc.php, or the redirect parameter, which is not properly handled in the html_redirect function in lib/html.inc.php; and (3) unspecified vectors in translate.php.

Basic Data

Published: January 29, 2012
Last Modified: August 29, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-79
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 4.3
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version: 2.3
    Part: Application
    Vendor: Sitracker
    Product: Support Incident Tracker
    Version: 3.65
    Update: *
    Edition: *
    Language: *
    SW Edition: *
    Target SW: *
    Target HW: *
    Other: *
    Version Start Including:
    Version End Including:
    Version Start Excluding:
    Version End Excluding:

Vulnerable Software List

Vendor | Product | Versions
Sitracker | Support Incident Tracker | 3.65

References

Name | URL | Source | Tags
45437 | http://secunia.com/advisories/45437 | SECUNIA | Vendor Advisory
VU#576355 | http://www.kb.cert.org/vuls/id/576355 | CERT-VN | US Government Resource
77654 | http://www.osvdb.org/77654 | OSVDB |
77655 | http://www.osvdb.org/77655 | OSVDB |
77656 | http://www.osvdb.org/77656 | OSVDB |
50896 | http://www.securityfocus.com/bid/50896 | BID |
sit-multiple-xss(71652) | https://exchange.xforce.ibmcloud.com/vulnerabilities/71652 | XF |