PT-2006-4205 · Qatraq · Qatraq

William Echlin · Published 2006-06-29 · Updated 2018-10-18 · CVE-2006-3312

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

QaTraq versions 6.5 RC and earlier

Description

The issue allows remote attackers to inject arbitrary web script or HTML via various parameters in multiple files, including top.inc, components_copy_content.php, components_modify_content.php, components_new_content.php, design_copy_content.php, design_copy_plan_search.php, design_modify_content.php, design_new_content.php, design_new_search.php, download.php, login.php, phase_copy_content.php, phase_delete_search.php, phase_modify_content.php, phase_modify_search.php, phase_view_search.php, and products_copy_content.php. The vulnerable parameters include link_print, link_upgrade, link_sql, link_next, link_prev, link_list, msg, component_name, component_desc, title, version, content, plan_title, plan_content, plan_name, plan_desc, file_name, username, password, minor_version, new_version, product_name, and product_desc.

Recommendations

For QaTraq versions 6.5 RC and earlier, update to version 6.8 RC or later to resolve the issue.

Exploit

Fix

Related identifiers

CVE-2006-3312

Affected products

Qatraq