Trustwave SpiderLabs has published a new advisory today for a Cross-Site Scripting (XSS) vulnerability discovered in Support Incident Tracker (aka SiT!). For those who are unfamiliar with SiT!, it is open-source software used for tracking technical support calls and emails. Currently, SiT! version 3.66 and prior are affected by an XSS vulnerability found in the setup.php page (note: setup.php still exists after the installation successfully completes, and the page is vulnerable if left unpatched). Jonathan Claudius, a member of the SpiderLabs Research team, discovered this vulnerability while implementing TrustKeeper probes for this product.
Additionally, Trustwave SpiderLabs has deployed protections for this finding in the ModSecurity Commercial Rules Feed. Trustwave's Intrusion Detection System and TrustKeeper vulnerability scanning solution have also been updated to detect this finding.
For more details regarding this advisory, please visit:
https://www.trustwave.com/spiderlabs/advisories/TWSL2012-019.txt
