FKIE_CVE-2009-4994

Vulnerability from fkie_nvd - Published: 2010-08-25 20:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
References
cve@mitre.orghttp://holisticinfosec.org/content/view/123/45/
cve@mitre.orghttp://secunia.com/advisories/36172Vendor Advisory
cve@mitre.orghttp://www.smartertools.com/SmarterTrack/ReleaseNotes.aspxPatch
af854a3a-2127-422b-91ae-364da2661108http://holisticinfosec.org/content/view/123/45/
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36172Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.smartertools.com/SmarterTrack/ReleaseNotes.aspxPatch
Impacted products
Vendor Product Version
smartertools smartertrack *
smartertools smartertrack 3.0.3040
smartertools smartertrack 3.1.3050
smartertools smartertrack 3.1.3089
smartertools smartertrack 3.5.3126
smartertools smartertrack 3.5.3159
smartertools smartertrack 3.5.3167
smartertools smartertrack 3.6.3216
smartertools smartertrack 3.6.3217
smartertools smartertrack 3.6.3229
smartertools smartertrack 3.6.3246
smartertools smartertrack 3.6.3267
smartertools smartertrack 3.6.3274
smartertools smartertrack 3.6.3309
smartertools smartertrack 3.6.3355
smartertools smartertrack 3.6.3411
smartertools smartertrack 3.6.3413
smartertools smartertrack 4.0.3387
smartertools smartertrack 4.0.3399
smartertools smartertrack 4.0.3411
smartertools smartertrack 4.0.3413
smartertools smartertrack 4.0.3435
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:smartertools:smartertrack:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CA91889-9A4A-4503-838F-2FCA70CC4A05",
              "versionEndIncluding": "4.0.3483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartertools:smartertrack:3.0.3040:*:*:*:*:*:*:*",
              "matchCriteriaId": "5612D314-4209-4138-9E90-073CBD51C22D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartertools:smartertrack:3.1.3050:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FD5A20-9990-4DCE-A4D8-78B29AEC02A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartertools:smartertrack:3.1.3089:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD9F2F38-8CD0-4AE3-89C5-325EA44C740E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartertools:smartertrack:3.5.3126:*:*:*:*:*:*:*",
              "matchCriteriaId": "7577A051-3BF4-4F66-88A9-BBD0098DAF85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartertools:smartertrack:3.5.3159:*:*:*:*:*:*:*",
              "matchCriteriaId": "B172899C-38D6-4EF9-8F4A-96F433DBE992",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartertools:smartertrack:3.5.3167:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF158B77-40B9-460C-A07B-B5CA5DC3D00D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartertools:smartertrack:3.6.3216:*:*:*:*:*:*:*",
              "matchCriteriaId": "C251BA53-384E-4AEC-8BAE-03D11F0E1FE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartertools:smartertrack:3.6.3217:*:*:*:*:*:*:*",
              "matchCriteriaId": "3342CE8A-B7BD-484E-9945-F96A888B8667",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartertools:smartertrack:3.6.3229:*:*:*:*:*:*:*",
              "matchCriteriaId": "762CB30A-08E3-47D5-98E8-88E7DC0091A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartertools:smartertrack:3.6.3246:*:*:*:*:*:*:*",
              "matchCriteriaId": "99070B5B-62FC-4BF8-9DF1-A38ED82499FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartertools:smartertrack:3.6.3267:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5D0005F-A3B3-45E9-B95C-19B5939DFE08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartertools:smartertrack:3.6.3274:*:*:*:*:*:*:*",
              "matchCriteriaId": "1445B14F-46B5-468D-8DB7-D8822A21E824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartertools:smartertrack:3.6.3309:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C08A7B9-2198-4A88-A1BB-EC3E608315CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartertools:smartertrack:3.6.3355:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CE2810D-614F-45E8-95A1-45CFC74566B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartertools:smartertrack:3.6.3411:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9BB578B-5AD9-4699-9E78-7BCC1B781CE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartertools:smartertrack:3.6.3413:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A7A80AA-EFAD-418E-AE70-CF37EA5AAF09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartertools:smartertrack:4.0.3387:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BFA2753-61BF-4C9A-9C98-77F04C421389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartertools:smartertrack:4.0.3399:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7844312-E7AE-4CCC-A870-0642380A70B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartertools:smartertrack:4.0.3411:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE15EB80-8BDC-4D32-82D1-B1E3433B7E6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartertools:smartertrack:4.0.3413:*:*:*:*:*:*:*",
              "matchCriteriaId": "987A95C5-EF82-4AA1-B3D9-33233B4402C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smartertools:smartertrack:4.0.3435:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D2457B-A9CC-47FB-AC5D-E286A68ED4AC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en frmKBSearch.aspx en SmarterTools, SmarterTrack anterior a v4.0.3504 permite a atacantes remotos inyectar c\u00f3digo web o HTML a trav\u00e9s del par\u00e1metro de b\u00fasqueda."
    }
  ],
  "id": "CVE-2009-4994",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-08-25T20:00:16.237",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://holisticinfosec.org/content/view/123/45/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36172"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.smartertools.com/SmarterTrack/ReleaseNotes.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://holisticinfosec.org/content/view/123/45/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.smartertools.com/SmarterTrack/ReleaseNotes.aspx"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.