Vendor: TrackWise EQMS
By: Unknown
CVSS: 7.5 (HIGH)
Type: Cross-Site Scripting
CWE: 79
Product Name: TrackWise EQMS
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE:
CPE: a:sparta_systems:trackwise_eqms
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Cross-Site Scripting Vulnerabilities in Sparta Systems TrackWise EQMS

The Sparta Systems TrackWise EQMS application is vulnerable to multiple cross-site scripting attacks. This is due to a lack of proper input sanitization, which allows attackers to inject and execute arbitrary script code in the browser of an unsuspecting user. By exploiting these vulnerabilities, an attacker can steal authentication credentials and launch further attacks.

Mitigation:

To mitigate these vulnerabilities, it is recommended to sanitize and validate all user-supplied input before using it in the application. Implementing a web application firewall (WAF) can also help in preventing cross-site scripting attacks. Regular security testing and code reviews should be conducted to identify and fix any potential vulnerabilities.
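
The validation and sanitization recommended above, shown as an added Java example; it is not TrackWise code and not part of the original advisory. The class and method names are hypothetical, and it assumes the request path is written back into an HTML attribute, which the page does not state.

```java
import java.util.regex.Pattern;

/** Added illustration: hypothetical handler logic, not taken from the product. */
public class PathReflectionDemo {

    // Allow-list for the whole request path (assumed shape: /Name or /Name/File.html).
    private static final Pattern SAFE_PATH =
            Pattern.compile("(/[A-Za-z0-9._-]{1,64}){1,4}");

    /** Encode text for an HTML element body or a quoted attribute value. */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Vulnerable pattern: the request path is concatenated into markup as-is. */
    static String renderUnsafe(String pathInfo) {
        return "<form action=\"" + pathInfo + "\"><input name=\"user\"></form>";
    }

    /** Hardened: reject paths outside the allow-list and encode everything written out. */
    static String renderSafe(String pathInfo) {
        String path = (pathInfo == null) ? "" : pathInfo;
        if (!SAFE_PATH.matcher(path).matches()) {
            return "<p>Invalid request path: " + escapeHtml(path) + "</p>";
        }
        return "<form action=\"" + escapeHtml(path) + "\"><input name=\"user\"></form>";
    }

    public static void main(String[] args) {
        // Constructed input shaped like the request paths listed on this page.
        String probe = "/Login/\"><script>alert('x')</script>";
        System.out.println("unsafe: " + renderUnsafe(probe));
        System.out.println("safe:   " + renderSafe(probe));
        System.out.println("normal: " + renderSafe("/Login"));
    }
}
```

Validation alone is not the control here: the encoding step is applied on both branches, so the response stays inert even if the allow-list is later loosened.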
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/38483/info

Sparta Systems TrackWise EQMS is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 


http://www.example.com/[TrackWiseDir]/servlet/TeamAccess/Login/"><script>alert('XSS-By-Lament')</script>
http://www.example.com/[TrackWiseDir]/servlet/TeamAccess/BatchEditProgress.html/"><script>alert('XSS-By-Lament')</script>