Vulnerabilities > Sitracker > Support Incident Tracker > 3.65
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-01-29 | CVE-2011-3830 | Cross-Site Scripting vulnerability in Sitracker Support Incident Tracker 3.65 Cross-site scripting (XSS) vulnerability in search.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter. | 4.3 |
2012-01-29 | CVE-2011-3829 | Information Exposure vulnerability in Sitracker Support Incident Tracker 3.65 ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message. | 4.0 |