QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2011-5070

Back to search

CVE-2011-5070

Published: Jan 29, 2012

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary web script or HTML via (1) the file name to incident_attachments.php; (2) unspecified vectors in link_add.php, possibly involving origref, linkref, linktype parameters, which are not properly handled in the clean_int function in lib/base.inc.php, or the redirect parameter, which is not properly handled in the html_redirect function in lib/html.inc.php; and (3) unspecified vectors in translate.php.

VendorProductVersions

n/a

n/a

affected
n/a

References

sit-multiple-xss(71652)
vdb-entry
x_refsource_XF
VU#576355
third-party-advisory
x_refsource_CERT-VN
45437
third-party-advisory
x_refsource_SECUNIA
50896
vdb-entry
x_refsource_BID
77655
vdb-entry
x_refsource_OSVDB
77654
vdb-entry
x_refsource_OSVDB
77656
vdb-entry
x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now