CVE-2011-5073

Support Incident Tracker < 3.65 - Cross-Site Scripting via Multiple Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-5073.

AI-analyzed exploit summary The provided code contains multiple functional proof-of-concept exploits for SQL injection and cross-site scripting (XSS) vulnerabilities in SiT! Support Incident Tracker. It includes detailed HTTP request examples demonstrating how to inject arbitrary SQL code and execute arbitrary JavaScript in the context of the affected website.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contact_support.php; (2) contractid parameter to contract_add_service.php; (3) user parameter to edit_backup_users.php; (4) id parameter to edit_escalation_path.php; the Referer to (5) forgotpwd.php, (6) an approvalpage action to billable_incidents.php, or (7) transactions.php; (8) action parameter to inbox.php; (9) search_string parameter in a findcontact action to incident_add.php; table1 parameter to (10) report_customers.php, (11) report_incidents_by_engineer.php, (12) report_incidents_by_site.php, or (13) report_marketing.php; or the (14) startdate or (15) enddate parameter to report_incidents_by_vendor.php.

Exploits (1)

exploitdb WORKING POC
webappsphp
https://www.exploit-db.com/exploits/18444

The provided code contains multiple functional proof-of-concept exploits for SQL injection and cross-site scripting (XSS) vulnerabilities in SiT! Support Incident Tracker. It includes detailed HTTP request examples demonstrating how to inject arbitrary SQL code and execute arbitrary JavaScript in the context of the affected website.

Classification
Working Poc 95%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Reliable
Target: SiT! Support Incident Tracker
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory x_refsource_confirm
http://sitracker.org/wiki/ReleaseNotes365
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/519636
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/46019

Scores

EPSS 0.0161
EPSS Percentile 72.8%

Details

CWE
CWE-79
Status published
Products (22)
sitracker/support_incident_tracker 3.6
sitracker/support_incident_tracker 3.21
sitracker/support_incident_tracker 3.22
sitracker/support_incident_tracker 3.22pl1
sitracker/support_incident_tracker 3.23
sitracker/support_incident_tracker 3.24 (2 CPE variants)
sitracker/support_incident_tracker 3.30 (2 CPE variants)
sitracker/support_incident_tracker 3.31
sitracker/support_incident_tracker 3.32
sitracker/support_incident_tracker 3.33
... and 12 more
Published Jan 29, 2012
Tracked Since Feb 18, 2026