========================================= Yaniv Miron aka "Lament" Advisory Feb 28, 2010 Sparta Systems TrackWise TeamAccess module Multiple Cross Site Scripting Vulnerabilities ========================================= ===================== I. BACKGROUND ===================== TrackWiseŽ by Sparta Systems: A Holistic Approach to Enterprise Quality Management TrackWise by Sparta Systems is an enterprise quality management solution (EQMS) that optimizes quality, ensures compliance and reduces costs for world-class clients across a range of industries. TrackWise is the only enterprise quality management solution that offers the flexibility and configurability to adapt to company-specific business processes, enabling our world-class clients across a range of industries to define, track, manage and report on the core activities vital to their success. http://www.spartasystems.com/trackwise-eqms/ ===================== II. DESCRIPTION ===================== A malicious attacker may inject scripts into the TrackWise application. ===================== III. ANALYSIS ===================== Exploitation of this vulnerability results in the execution of arbitrary code using a malicious link. ===================== IV. EXPLOIT ===================== http://example.com/[TrackWiseDir]/servlet/TeamAccess/Login/"> http://example.com/[TrackWiseDir]/servlet/TeamAccess/BatchEditProgress.html/"> ===================== V. DISCLOSURE TIMELINE ===================== Jan 2009 Vulnerability Found Jan 2009 Vendor Notification Feb 2010 Public Disclosure ===================== VI. CREDIT ===================== Yaniv Miron aka "Lament". lament@ilhack.org