HIO-2009-0728 SmarterTrack 4.0 Enterprise XSS
SmarterTools SmarterTrack 4.0 Enterprise contains a vulnerability that can be exploited to conduct cross-site scripting attacks.
Input passed to the "search" parameter is not properly verified before being submitted to frmKBSearch.aspx. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
The vulnerability is confirmed in version 4.0.3483 and earlier. The vendor has released version 4.0.3504 to address this issue along with other updates.
OSVDB: 56791, 56792
Vendor Solution: Upgrade to 4.0.3504
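For sites reviewing web server logs for requests against the "search" parameter described above, the following added example (not part of the original advisory and not vendor code) flags requests to frmKBSearch.aspx whose decoded search value contains HTML or script markup. The W3C-style field layout, the /Main/ path prefix, and the log lines themselves are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote

# Constructed W3C-style log lines (assumed layout and paths, not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2009-07-28 10:01:02 GET /Main/frmKBSearch.aspx search=reset+password 192.0.2.10 200
2009-07-28 10:02:13 GET /Main/frmKBSearch.aspx search=%3Cscript%3Ealert(1)%3C%2Fscript%3E 192.0.2.44 200
2009-07-28 10:03:40 GET /Main/frmKBSearch.aspx search=%253Cimg+src%253Dx+onerror%253Dalert(1)%253E 192.0.2.44 200
2009-07-28 10:04:05 GET /Default.aspx search=%3Cb%3E 192.0.2.10 200
2009-07-28 10:05:19 GET /Main/frmKBSearch.aspx page=2&search=a+%3C+b 192.0.2.77 200
"""

# Tag openers, inline event handlers, and javascript: URLs in a decoded value.
MARKUP = re.compile(r"<[a-z/!]|\bon\w+\s*=|javascript:", re.I)

def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C) so nested encoding cannot hide markup."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_text, page="frmkbsearch.aspx", param="search"):
    """Return (client_ip, time, decoded_value) for requests to `page` carrying markup in `param`."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names declared by the log itself
            continue
        if not line.strip() or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().endswith("/" + page):
            continue
        query = parse_qs(row.get("cs-uri-query", ""), keep_blank_values=True)
        for value in query.get(param, []):  # parse_qs applies the first decode
            decoded = decode_fully(value)
            if MARKUP.search(decoded):
                hits.append((row.get("c-ip"), row.get("time"), decoded))
    return hits

if __name__ == "__main__":
    for ip, when, value in suspicious_requests(SAMPLE_LOG):
        print(f"{when} {ip} search={value!r}")
```

The pattern is a triage heuristic: a legitimate search such as "a < b" is not flagged, while singly and doubly encoded markup is.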