Trustwave SpiderLabs has published a new advisory today for a Cross-Site Scripting (XSS) vulnerability discovered in Support Incident Tracker (aka SiT!). For those who are unfamiliar with SiT!, it is open-source software used for tracking technical support calls and emails. Currently, SiT! version 3.66 and prior are affected by an XSS vulnerability found in the setup.php page (note: setup.php still exists after the installation completes successfully, and the page is vulnerable if left unpatched). Jonathan Claudius, a member of the SpiderLabs Research team, discovered this vulnerability while implementing TrustKeeper probes for this product.
The Support Incident Tracker team has acknowledged this security issue and published a fix for it in version 3.67. It is recommended to upgrade to the latest version of SiT! or to download the patch, which is available here: http://sitracker.wordpress.com/2012/08/18/news-august-2012/
Additionally, Trustwave SpiderLabs has deployed protections for this finding in the ModSecurity Commercial Rules Feed. Trustwave's Intrusion Detection System and TrustKeeper vulnerability scanning solution have also been updated to detect this finding.