Description
DataTrack System 3.5 allows remote attackers to list the root directory via a (1) /%u0085/ or (2) /%u00A0/ URI.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/58734
Exploit x_refsource_misc
http://cross-site-scripting.blogspot.com/2010/05/datatrack-system-35-persistent-xss.html
Exploit x_refsource_misc
http://packetstormsecurity.org/1005-exploits/datatrackserver35-xss.txt
Scores
EPSS
0.0132
EPSS Percentile
67.4%
Details
CWE
CWE-20
Status
published
Products (1)
magnoware/datatrack_system
3.5
Published
May 25, 2010
Tracked Since
Feb 18, 2026