CVE-2009-4994

Smartertools Smartertrack < 4.0.3483 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

References (3)

[Various Sources] http://holisticinfosec.org/content/view/123/45/

[Vendor Advisory] http://secunia.com/advisories/36172

[Patch] http://www.smartertools.com/SmarterTrack/ReleaseNotes.aspx

Scores

EPSS 0.0030

EPSS Percentile 52.7%

Classification

CWE

CWE-79

Status published

Affected Products (23)

smartertools/smartertrack < 4.0.3483

smartertools/smartertrack

... and 8 more

Timeline

Published Aug 25, 2010

Tracked Since Feb 18, 2026