10.31.05 Sparta Systems TrackWise TeamAccess module Multiple Cross Site Scripting Vulnerabilities | |
============================== Yaniv Miron aka "Lament" Advisory Feb 28, 2010 Sparta Systems TrackWise TeamAccess module Multiple Cross Site Scripting Vulnerabilities ============================== ===================== I. BACKGROUND ===================== TrackWise® by Sparta Systems: A Holistic Approach to Enterprise Quality Management TrackWise by Sparta Systems is an enterprise quality management solution (EQMS) that optimizes quality, ensures compliance and reduces costs for world-class clients across a range of industries. TrackWise is the only enterprise quality management solution that offers the flexibility and configurability to adapt to company-specific business processes, enabling our world-class clients across a range of industries to define, track, manage and report on the core activities vital to their success. http://www.spartasystems.com/ ===================== II. DESCRIPTION ===================== A malicious attacker may inject scripts into the TrackWise application. ===================== III. ANALYSIS ===================== Exploitation of this vulnerability results in the execution of arbitrary code using a malicious link. ===================== IV. EXPLOIT ===================== http://example.com/[ http://example.com/[ ===================== V. DISCLOSURE TIMELINE ===================== Jan 2009 Vulnerability Found Jan 2009 Vendor Notification Feb 2010 Public Disclosure ===================== VI. CREDIT ===================== Yaniv Miron aka "Lament". lament@ilhack.org | |
|
Total comments: 0 | |