PT-2012-2051 · Sit! · Support Incident Tracker

Published: 2012-01-29 · Updated: 2012-02-02 · CVE-2011-5073

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Support Incident Tracker (aka SiT!) versions prior to 3.65
Description: Multiple scripts in SiT! reflect request data into the HTML response without encoding it, which allows remote attackers to inject arbitrary web script or HTML (reflected cross-site scripting) via various request parameters and the Referer header. Affected scripts include contact_support.php, contract_add_service.php, edit_backup_users.php, edit_escalation_path.php, forgotpwd.php, billable_incidents.php, transactions.php, inbox.php, incident_add.php, report_customers.php, report_incidents_by_engineer.php, report_incidents_by_site.php, report_marketing.php and report_incidents_by_vendor.php. The vulnerable parameters include mode, contractid, user, id, action, search_string, table1, startdate and enddate.
Recommendations: Update to version 3.65 or later, which resolves the issue. Until the update can be applied, restrict access to the vulnerable scripts and parameters (for example at the web server or reverse proxy): mode in contact_support.php, contractid in contract_add_service.php, user in edit_backup_users.php, id in edit_escalation_path.php, the Referer header sent to forgotpwd.php, action in billable_incidents.php and inbox.php, search_string in incident_add.php, table1 in the report scripts, and startdate and enddate in report_incidents_by_vendor.php. Filtering parameters at the perimeter is only a mitigation; the actual fix is context-aware output encoding in the application itself.
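The pattern behind this class of bug, shown as an added illustration rather than SiT!'s own code: a request parameter (here `mode`) and the `Referer` header are echoed straight into the page, beside a hardened version that allow-lists the parameter, restricts the Referer to http/https URLs and HTML-encodes everything it emits. The function names, the page layout and the set of allowed `mode` values are assumptions made for this example.

```php
<?php
// Illustrative reconstruction of the reflected-XSS pattern behind
// CVE-2011-5073. NOT code from SiT!; function names, markup and the
// allowed 'mode' values below are assumptions for this example.

// Vulnerable pattern: untrusted input lands in HTML unencoded.
function render_vulnerable(array $get, array $server): string
{
    $mode    = $get['mode'] ?? '';
    $referer = $server['HTTP_REFERER'] ?? '';
    return "<p>Mode: {$mode}</p>\n"
         . "<a href=\"{$referer}\">Back</a>\n";
}

// HTML-encode for element content and quoted attribute values.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The Referer is used as a link target, so escaping alone is not enough:
// a javascript: URL would survive htmlspecialchars() intact. Accept only
// http/https URLs and drop everything else.
function safe_referer(string $referer): string
{
    $parts = parse_url($referer);
    if ($parts === false
        || !isset($parts['scheme'])
        || !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return '';
    }
    return $referer;
}

// Hardened pattern: validate against an allow-list where the value set is
// known, encode for the output context, and never emit an unvetted URL.
function render_hardened(array $get, array $server): string
{
    $allowed_modes = ['add', 'edit', 'view'];   // assumed values
    $mode = $get['mode'] ?? '';
    if (!in_array($mode, $allowed_modes, true)) {
        $mode = 'view';
    }
    $referer = safe_referer($server['HTTP_REFERER'] ?? '');

    $html = "<p>Mode: " . h($mode) . "</p>\n";
    if ($referer !== '') {
        $html .= "<a href=\"" . h($referer) . "\">Back</a>\n";
    }
    return $html;
}

// Constructed sample request carrying a payload in both positions.
$get    = ['mode' => '"><script>alert(1)</script>'];
$server = ['HTTP_REFERER' => 'javascript:alert(document.cookie)'];

echo "--- vulnerable ---\n", render_vulnerable($get, $server);
echo "--- hardened ---\n",  render_hardened($get, $server);
```

Run with `php example.php`: the vulnerable output contains the `<script>` element and a `javascript:` link verbatim, while the hardened output reduces `mode` to the default and omits the link entirely. The same treatment applies to every parameter listed in the advisory; numeric identifiers such as `id` and `contractid` should additionally be cast to integers before use.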

Exploit

Fix

XSS


Weakness Enumeration

Related identifiers

CVE-2011-5073

Affected products

Support Incident Tracker