CVE-2004-2563 - Tip up Lynch

Description

Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names versions and database information and conduct cross-site scripting (XSS) attacks via a direct request to tmtrack.dll with modified LoginPage and Template parameters.

Reference

http://www.securiteam.com/windowsntfocus/5SP0O0ADGG.html http://www.securityfocus.com/bid/10770 http://www.osvdb.org/8182 http://www.osvdb.org/8183 http://www.osvdb.org/8185 http://secunia.com/advisories/12122 https://exchange.xforce.ibmcloud.com/vulnerabilities/16777 https://exchange.xforce.ibmcloud.com/vulnerabilities/16771