CVE-2009-4994

Name of the Vulnerable Software and Affected Versions SmarterTools SmarterTrack versions prior to 4.0.3504

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the search parameter in the frmKBSearch.aspx file.

Recommendations For versions prior to 4.0.3504, update to version 4.0.3504 or later to resolve the issue. As a temporary workaround, consider restricting access to the frmKBSearch.aspx file to minimize the risk of exploitation. Avoid using the search parameter in the affected file until the issue is resolved.