CVE-2009-4994 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 52%

Vendor	Product	Version
smartertools	smartertrack	𝑥 ≤ 4.0.3483
smartertools	smartertrack	3.0.3040
smartertools	smartertrack	3.1.3050
smartertools	smartertrack	3.1.3089
smartertools	smartertrack	3.5.3126
smartertools	smartertrack	3.5.3159
smartertools	smartertrack	3.5.3167
smartertools	smartertrack	3.6.3216
smartertools	smartertrack	3.6.3217
smartertools	smartertrack	3.6.3229
smartertools	smartertrack	3.6.3246
smartertools	smartertrack	3.6.3267
smartertools	smartertrack	3.6.3274
smartertools	smartertrack	3.6.3309
smartertools	smartertrack	3.6.3355
smartertools	smartertrack	3.6.3411
smartertools	smartertrack	3.6.3413
smartertools	smartertrack	4.0.3387
smartertools	smartertrack	4.0.3399
smartertools	smartertrack	4.0.3411
smartertools	smartertrack	4.0.3413
smartertools	smartertrack	4.0.3435

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://holisticinfosec.org/content/view/123/45/

http://secunia.com/advisories/36172

http://www.smartertools.com/SmarterTrack/ReleaseNotes.aspx

http://holisticinfosec.org/content/view/123/45/

http://secunia.com/advisories/36172

http://www.smartertools.com/SmarterTrack/ReleaseNotes.aspx