HIO-2009-0728 SmarterTrack 4.0 Enterprise XSS

SmarterTools SmarterTrack 4.0 Enterprise contains a cross-site scripting (XSS) vulnerability that malicious people can exploit against users of the application.

Input passed to the "search" parameter is not properly verified before being submitted to frmKBSearch.aspx. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

The vulnerability is confirmed in version 4.0.3483 and earlier. The vendor has released version 4.0.3504 to address this issue along with other updates.
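For sites that ran an affected version, the web server logs can be reviewed for requests that put markup into the "search" parameter of frmKBSearch.aspx. The following is an added example, not part of the original advisory or of SmarterTools' code; the W3C field layout, the root path, the sample log lines and the markup heuristic are all assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

TARGET_PAGE = "frmkbsearch.aspx"  # page named in the advisory
TARGET_PARAM = "search"           # parameter named in the advisory
# Assumed heuristic: markup a knowledge-base search term should not contain.
MARKUP = re.compile(r'[<>"]|javascript:|\bon\w+\s*=', re.IGNORECASE)

# Constructed sample in W3C extended format (documentation IP ranges, root path assumed).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2009-07-30 10:01:12 192.0.2.10 GET /frmKBSearch.aspx search=reset+password 200
2009-07-30 10:02:40 198.51.100.7 GET /frmKBSearch.aspx search=%3Cscript%3Ealert(1)%3C%2Fscript%3E 200
2009-07-30 10:03:05 198.51.100.7 GET /frmKBSearch.aspx Search=%253Cimg+src%253Dx%253E 200
2009-07-30 10:04:00 192.0.2.10 GET /Default.aspx search=%3Cb%3E 200
""".splitlines()

def decode_fully(value, max_rounds=3):
    """Undo repeated URL-encoding so double-encoded input is inspected too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (client_ip, decoded_value) for flagged requests to the search page."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue
        c_ip, stem, query = fields[2], fields[4], fields[5]
        if not stem.lower().endswith("/" + TARGET_PAGE):
            continue
        for pair in query.split("&"):
            name, _, raw = pair.partition("=")
            # ASP.NET treats query-string keys case-insensitively.
            if unquote_plus(name).lower() != TARGET_PARAM:
                continue
            value = decode_fully(raw)
            if MARKUP.search(value):
                hits.append((c_ip, value))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(ip, repr(value))
```

A hit only shows that markup was sent to the search page; whether it was reflected unencoded depends on the installed version, so correlate hits with the date the upgrade to 4.0.3504 was applied.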

 

References:

CVE-2009-pending

BID:

FrSIRT: N/A

Nessus: N/A

OSVDB: 56791, 56792

SA: 36172

XF: 52305

Related: 

Vendor Solution: Upgrade to 4.0.3504


 