PT-2007-4129 · Track+ · Track+
R0T
·
Publicado
2007-05-22
·
Atualizado
2017-07-29
·
CVE-2007-2819
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Track+ versions 3.3.2 and earlier
Description
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the
projId parameter in the "reportItem.do" endpoint.Recommendations
For versions 3.3.2 and earlier, avoid using the
projId parameter in the "reportItem.do" endpoint until a fix is available. As a temporary workaround, consider restricting access to the "reportItem.do" endpoint to minimize the risk of exploitation.Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Track+