CVE-2009-4994
Severity: Unknown | EPSS: 1.02%
Last modified
CVE-2009-4994 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter. EPSS estimates a 1.02% chance of exploitation in the next 30 days.
Description
Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Smartertools | Smartertrack | <= 4.0.3483 |
| Smartertools | Smartertrack | 3.0.3040 |
| Smartertools | Smartertrack | 3.1.3050 |
| Smartertools | Smartertrack | 3.1.3089 |
| Smartertools | Smartertrack | 3.5.3126 |
| Smartertools | Smartertrack | 3.5.3159 |
| Smartertools | Smartertrack | 3.5.3167 |
| Smartertools | Smartertrack | 3.6.3216 |
| Smartertools | Smartertrack | 3.6.3217 |
| Smartertools | Smartertrack | 3.6.3229 |
| Smartertools | Smartertrack | 3.6.3246 |
| Smartertools | Smartertrack | 3.6.3267 |
| Smartertools | Smartertrack | 3.6.3274 |
| Smartertools | Smartertrack | 3.6.3309 |
| Smartertools | Smartertrack | 3.6.3355 |
| Smartertools | Smartertrack | 3.6.3411 |
| Smartertools | Smartertrack | 3.6.3413 |
| Smartertools | Smartertrack | 4.0.3387 |
| Smartertools | Smartertrack | 4.0.3399 |
| Smartertools | Smartertrack | 4.0.3411 |
| Smartertools | Smartertrack | 4.0.3413 |
| Smartertools | Smartertrack | 4.0.3435 |
References
- http://secunia.com/advisories/36172 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-4994?
Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
How severe is CVE-2009-4994?
Severity scoring for CVE-2009-4994 is pending analysis. The EPSS model estimates a 1.02% probability of exploitation in the next 30 days.
How do I fix CVE-2009-4994?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Source: NVD / NIST
