Lucene search
K

Tracks 1.7.2 Cross Site Scripting

🗓️ 29 Mar 2011 00:00:00Reported by Mesut TimurType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 23 Views

Tracks 1.7.2 Cross-Site Scripting vulnerability in web-based application with high severit

Code
`Information  
--------------------  
Name : XSS vulnerability in Tracks  
Software : Tracks 1.7.2.  
Vendor Hompeage : http://getontracks.org/  
Vulnerability Type : Cross-Site Scripting  
Severity : High  
Researcher : Mesut Timur <mesut [at] mavitunasecurity [dot] com>  
Advisory Reference : NS-11-003  
  
Description  
------------------  
Tracks is a web-based application to help you implement David Allen’s  
Getting Things Done™ methodology.  
  
Details  
-------------------  
Tracks is affected by a XSS vulnerability in version 1.7.2.  
Example PoC url is as follows :  
  
http://example.com/todos/tag/'"--></style></script><script>alert(0x000238)</script>  
  
You can read the full article about Cross-Site Scripting  
vulnerabilities from here :  
http://www.mavitunasecurity.com/crosssite-scripting-xss/  
  
Solution  
-------------------  
Upgrade to the latest Tracks version (1.7.3 or later).  
Credits  
-------------------  
It has been discovered on testing of Netsparker, Web Application  
Security Scanner - http://www.mavitunasecurity.com/netsparker/.  
  
References  
-------------------  
1. Vendor URL: http://www.getontracks.org/downloads/comments/tracks-173  
2. MSL Advisory Link :  
http://www.mavitunasecurity.com/XSS-vulnerability-in-Tracks/  
3. Netsparker Advisories :  
http://www.mavitunasecurity.com/netsparker-advisories/  
  
About Netsparker  
-------------------  
Netsparker® can find and report security issues such as SQL Injection  
and Cross-site Scripting (XSS) in all web applications regardless of  
the platform and the technology they are built on. Netsparker's unique  
detection and exploitation techniques allows it to be dead accurate in  
reporting hence it's the first and the only False Positive Free web  
application security scanner.  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation