Lucene search
K
SitrackerSupport Incident Tracker

22 matches found

CVE
CVE
added 2020/01/02 4:30 a.m.99 views

CVE-2019-20221

CVE-2019-20221 affects Support Incident Tracker (SiT!) version 3.67. The vulnerability is a Cross-Site Scripting (XSS) in the “Load Plugins” input on the config.php page, with the payload potentially executed on pages such as about.php. Multiple sources corroborate the issue across CVE records an...

6.1CVSS6AI score0.00668EPSS
CVE
CVE
added 2020/01/02 4:30 a.m.92 views

CVE-2019-20220

The CVE-2019-20220 entry concerns Support Incident Tracker (SiT!) version 3.67. A cross-site scripting (XSS) flaw is located in the search_id parameter of the search_incidents_advanced.php page, arising from insufficient validation of user-supplied data. Documented impact is client-side code exec...

6.1CVSS6.3AI score0.00668EPSS
CVE
CVE
added 2020/01/02 4:29 a.m.90 views

CVE-2019-20223

CVE-2019-20223 is an XSS flaw in Support Incident Tracker (SiT!) 3.67 where the id parameter is reflected across endpoints that use it. Red Hat’s advisory reiterates the XSS in SiT! 3.67, tied to CVE-2012-2235, with no details on patches within the provided documents. The OpenVAS entry references...

6.1CVSS5.9AI score0.00668EPSS
CVE
CVE
added 2020/01/02 4:30 a.m.88 views

CVE-2019-20222

The CVE-2019-20222 entry affects Support Incident Tracker (SiT!) version 3.67, where the Short Application Name and Application Name fields in the config.php page are vulnerable to cross-site scripting (XSS). Multiple connected sources (NVD entry and Red Hat security advisory) confirm the issue a...

6.1CVSS6.2AI score0.00668EPSS
CVE
CVE
added 2012/01/29 2:0 a.m.60 views

CVE-2011-3833

CVE-2011-3833 affects Support Incident Tracker (SiT!) 3.65, with an Unrestricted file upload in ftp_upload_file.php. The root cause is that remote authenticated users can upload a PHP file and access it via a direct request to that file in an unspecified directory, enabling arbitrary code executi...

6CVSS7.2AI score0.19783EPSS
CVE
CVE
added 2012/01/29 11:0 a.m.60 views

CVE-2011-5074

CVE-2011-5074 refers to multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (SiT!)

6.8CVSS7.4AI score0.01072EPSS
CVE
CVE
added 2012/01/29 2:0 a.m.58 views

CVE-2011-3829

CVE-2011-3829 affects Support Incident Tracker (SiT!)

4CVSS5.7AI score0.17884EPSS
CVE
CVE
added 2012/01/29 2:0 a.m.51 views

CVE-2011-5067

CVE-2011-5067 affects Support Incident Tracker (SiT!) 3.65. The vulnerability is in the move_uploaded_file.php component, where remote authenticated users can disclose the installation path by an error message that includes the file name. The documented impact is partial information disclosure; n...

4CVSS5.9AI score0.01042EPSS
CVE
CVE
added 2012/01/29 2:0 a.m.49 views

CVE-2011-5069

CVE-2011-5069 is an Unrestricted file upload vulnerability in Support Incident Tracker (SiT!) 3.65, specifically in incident_attachments.php. The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and then accessing it via a direct r...

6CVSS7.3AI score0.0198EPSS
CVE
CVE
added 2012/01/29 2:0 a.m.48 views

CVE-2011-3832

SiT! (Support Incident Tracker) 3.65 is affected by an eval/code-injection vulnerability in config.php. The issue allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter during a save action, due to the use of an eval-like construct in evaluatin...

6.5CVSS7.6AI score0.01389EPSS
CVE
CVE
added 2012/01/29 11:0 a.m.48 views

CVE-2011-5072

Support Incident Tracker (SiT!)

7.5CVSS8.7AI score0.01115EPSS
Web
CVE
CVE
added 2012/05/27 7:0 p.m.48 views

CVE-2012-2235

SiT! (Support Incident Tracker) is affected by a cross-site scripting (XSS) vulnerability in versions up to 3.65, triggered by the id parameter passed to index.php. The issue arises because the parameter is processed in an error message without proper sanitization, enabling remote attackers to in...

4.3CVSS6AI score0.00966EPSS
CVE
CVE
added 2010/04/28 11:0 p.m.46 views

CVE-2010-1596

CVE-2010-1596 affects Support Incident Tracker (SiT!) prior to version 3.51. When LDAP authentication uses anonymous binds, remote attackers can bypass authentication by supplying an empty password. Exploitation details are supported by multiple sources in the connected docs, including OpenVAS an...

6.8CVSS7.2AI score0.01538EPSS
CVE
CVE
added 2012/01/29 2:0 a.m.45 views

CVE-2011-5071

Support Incident Tracker (SiT!) is affected by multiple SQL injection vulnerabilities in versions prior to 3.64 (and cited remotely as SiT!

7.5CVSS8.7AI score0.01112EPSS
CVE
CVE
added 2012/01/29 2:0 a.m.44 views

CVE-2011-3830

CVE-2011-3830 affects Support Incident Tracker (SiT!) 3.65, where an XSS flaw exists in search.php via the search_string parameter, enabling remote injection of arbitrary script/HTML. Root cause is insufficient input validation on the search_string field, as reported in the NVD entry. Exploitatio...

4.3CVSS5.8AI score0.01202EPSS
CVE
CVE
added 2012/01/29 2:0 a.m.44 views

CVE-2011-3831

CVE-2011-3831 affects Support Incident Tracker (SiT!) 3.65. The vulnerability is an SQL injection in incident_attachments.php that allows remote attackers to execute arbitrary SQL commands via an uploaded file with a crafted file name. This is documented across multiple sources (NVD/NVD listing, ...

7.5CVSS8.6AI score0.01767EPSS
CVE
CVE
added 2012/01/29 11:0 a.m.44 views

CVE-2011-4337

The CVE affects Support Incident Tracker (SiT!) versions 3.45–3.65, where translate.php contains a static code injection flaw. An attacker can supply a crafted lang parameter to inject arbitrary PHP code into an executable language file within the i18n directory. The provided documents do not spe...

7.5CVSS7.5AI score0.02604EPSS
CVE
CVE
added 2012/01/29 11:0 a.m.44 views

CVE-2011-5073

CVE-2011-5073 affects Support Incident Tracker (SiT!) prior to 3.65. It contains multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary HTML/JavaScript via numerous parameters (e.g., mode, contractid, user, id, Referer, startdate/enddate, etc.) and cer...

4.3CVSS5.8AI score0.01626EPSS
CVE
CVE
added 2012/01/29 11:0 a.m.44 views

CVE-2011-5075

CVE-2011-5075 affects Support Incident Tracker SiT! versions 3.45–3.65. The flaw is an information-disclosure via translate.php (save action) that allows remote attackers to reveal the installation path. Connected sources corroborate an installation-path exposure; OpenVAS and RH advisories note b...

5CVSS6.3AI score0.02811EPSS
CVE
CVE
added 2012/01/29 2:0 a.m.39 views

CVE-2011-5070

CVE-2011-5070: Several XSS vulnerabilities in Support Incident Tracker (SiT!) 3.65 allow remote attackers to inject arbitrary web script/HTML via (1) incident_attachments.php file name, (2) vectors in link_add.php (origref, linkref, linktype) or the redirect parameter in html_redirect, and (3) tr...

4.3CVSS5.9AI score0.01518EPSS
Web
CVE
CVE
added 2007/10/23 5:0 p.m.38 views

CVE-2007-5635

Technical details for CVE-2007-5635 are not publicly available in the provided documents. The materials list multiple unspecified vulnerabilities with unknown impact and vectors; no concrete affected products, versions, or fixes are disclosed here. Monitor for updates.

10CVSS6.9AI score0.01446EPSS
CVE
CVE
added 2012/01/29 2:0 a.m.37 views

CVE-2011-5068

CVE-2011-5068 affects Support Incident Tracker (SiT!) version 3.65, with multiple CSRF vulnerabilities that allow remote attackers to hijack a user’s authenticated session for actions such as deleting a user via user_delete.php and other unspecified programs. The connected documents confirm the v...

6.8CVSS7.5AI score0.00737EPSS