Lucene search
K

98 matches found

NVD
NVD
added 2017/09/30 1:29 a.m.19 views

CVE-2017-14620

SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting...

6.1CVSS6.2AI score0.02466EPSS
Exploits5References2
Prion
Prion
added 2017/09/30 1:29 a.m.14 views

Cross site scripting

SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting...

4.3CVSS6.1AI score0.02466EPSS
Exploits5References2Affected Software1
Cvelist
Cvelist
added 2017/09/29 3:0 p.m.30 views

CVE-2017-14620

SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting...

6.2AI score0.02466EPSS
Exploits5References2
CVE
CVE
added 2017/09/29 3:0 p.m.70 views

CVE-2017-14620

SmarterStats 11.3.6347 (and possibly earlier) is vulnerable to a Stored Cross‑Site Scripting flaw due to how it renders the Referer field from HTTP logfiles in /Data/Reports/ReferringURLsWithQueries. The underlying issue is the processing/rendering of the Referer header leading to stored DOM XSS,...

6.1CVSS6.1AI score0.02466EPSS
Exploits5References2Affected Software1
exploitpack
exploitpack
added 2017/09/27 12:0 a.m.39 views

SmarterStats 11.3.6347 - Cross-Site Scripting

SmarterStats 11.3.6347 - Cross-Site Scripting ---------------------------- Title: CVE-2017-14620 ---------------------------- TL;DR: SmarterStats Version 11.3.6347, and possibly prior versions, will Render the Referer Field of HTTP Logfiles in URL /Data/Reports/ReferringURLsWithQueries...

4.3CVSS0.1AI score0.02466EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/09/27 12:0 a.m.1144 views

SmarterStats 11.3.6347 - Cross-Site Scripting

---------------------------- Title: CVE-2017-14620 ---------------------------- TL;DR: SmarterStats Version 11.3.6347, and possibly prior versions, will Render the Referer Field of HTTP Logfiles in URL /Data/Reports/ReferringURLsWithQueries ---------------------------- Author: David Hoyt Date:...

6.1CVSS6.3AI score0.02466EPSS
Exploits5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.24 views

SmarterStats 6.0 - Multiple Vulnerabilities

No description provided by source. Hoyt LLC Research | SmarterStats 6.0, OS Command Execution, Directory Traversal, DoS, Coordinated Disclosure Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me Vendor: SmarterTools Application: SmarterStats 6.0 Bugs: Directory Traversal, File Upload...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2011/12/21 12:0 a.m.39 views

SmarterTools SmarterStats Multiple Vulnerabilities

This host is SmarterTools SmarterStats and is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS6.9AI score0.02004EPSS
Exploits0References2
NVD
NVD
added 2011/12/16 11:55 a.m.18 views

CVE-2011-4761

Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving domains/sitebuilderedit.php and certain other files. NOTE: it is...

10CVSS6.7AI score0.02004EPSS
Exploits0References2
NVD
NVD
added 2011/12/16 11:55 a.m.14 views

CVE-2011-4752

SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients,...

10CVSS6.7AI score0.02004EPSS
Exploits0References2
NVD
NVD
added 2011/12/16 11:55 a.m.17 views

CVE-2011-4751

SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading 1 web-server access logs or 2 web-server Referer logs,...

5CVSS6.1AI score0.0116EPSS
Exploits0References2
Prion
Prion
added 2011/12/16 11:55 a.m.18 views

Design/Logic Flaw

SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients,...

10CVSS7.2AI score0.02004EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2011/12/16 11:55 a.m.13 views

Design/Logic Flaw

Parallels Plesk Small Business Panel 10.2.0 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/app/top-categories-data/ and certain other files. NOTE: it is possible th...

10CVSS7.3AI score0.02004EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2011/12/16 11:55 a.m.17 views

Cross site scripting

SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading 1 web-server access logs or 2 web-server Referer logs,...

5CVSS6.6AI score0.0116EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2011/12/16 11:55 a.m.12 views

Design/Logic Flaw

Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving domains/sitebuilderedit.php and certain other files. NOTE: it is...

10CVSS7.3AI score0.02004EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2011/12/16 11:55 a.m.13 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files...

4.3CVSS6.1AI score0.00931EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2011/12/16 11:0 a.m.47 views

CVE-2011-4750

CVE-2011-4750 concerns multiple XSS vulnerabilities in SmarterTools SmarterStats 6.2.4100 . The affected component is a PHP-based web interface; attackers can inject arbitrary web script or HTML through crafted input, with demonstrations tied to Default.aspx and other files. The public descriptio...

4.3CVSS5.9AI score0.00931EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2011/12/16 11:0 a.m.26 views

CVE-2011-4750

Multiple cross-site scripting XSS vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files...

5.8AI score0.00931EPSS
Exploits0References1
Cvelist
Cvelist
added 2011/12/16 11:0 a.m.18 views

CVE-2011-4752

SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients,...

6.7AI score0.02004EPSS
Exploits0References2
Cvelist
Cvelist
added 2011/12/16 11:0 a.m.28 views

CVE-2011-4751

SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading 1 web-server access logs or 2 web-server Referer logs,...

6.1AI score0.0116EPSS
Exploits0References2
Rows per page
Query Builder