Smartertools Smartertrack vulnerabilities
7 known vulnerabilities affecting smartertools/smartertrack.
Total CVEs
7
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM6
Vulnerabilities
Page 1 of 1
CVE-2022-24384P3MEDIUMCVSS 6.1PoCfixed in 100.0.8075≥ 100.x, < Build 80752022-03-14
CVE-2022-24384 [MEDIUM] CWE-79 CVE-2022-24384: Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterToo
Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
nvd
CVE-2022-24387P3HIGHCVSS 7.2≥ 100.0.8019, < 100.0.8075≥ 100.0.8019.x, < Build 80752022-03-14
CVE-2022-24387 [HIGH] CWE-434 CVE-2022-24387: With administrator or admin privileges the application can be tricked into overwriting files in app_
With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010
nvd
CVE-2022-24385P4MEDIUMCVSS 6.5fixed in 100.0.8075≥ 100.x, < Build 80752022-03-14
CVE-2022-24385 [MEDIUM] CWE-425 CVE-2022-24385: A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure Th
A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
nvd
CVE-2020-36926P4MEDIUMCVSS 5.3v10.0v14.02026-01-16
CVE-2020-36926 [MEDIUM] CWE-497 CVE-2020-36926: SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search for
SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique identifiers.
nvd
CVE-2022-24386P4MEDIUMCVSS 6.1≥ 100.0.0, < 100.0.8075≥ 100.x, < Build 80752022-03-14
CVE-2022-24386 [MEDIUM] CWE-79 CVE-2022-24386: Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.140
Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
nvd
CVE-2009-4994P4MEDIUMCVSS 4.3≤ 4.0.3483v3.0.3040+20 more2010-08-25
CVE-2009-4994 [MEDIUM] CWE-79 CVE-2009-4994: Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0
Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
nvd
CVE-2009-4995P4MEDIUMCVSS 4.3≤ 4.0.3483v3.0.3040+20 more2010-08-25
CVE-2009-4995 [MEDIUM] CWE-79 CVE-2009-4995: Cross-site scripting (XSS) vulnerability in frmTickets.aspx in SmarterTools SmarterTrack before 4.0.
Cross-site scripting (XSS) vulnerability in frmTickets.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the email address field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
nvd