Cross-Site Scripting Vulnerability in Smart Statistics

vendor:

Smart Statistics

by:

Unknown

7.5

CVSS

HIGH

Cross-Site Scripting

CWE

Product Name: Smart Statistics

Affected Version From: 1

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

Cross-Site Scripting Vulnerability in Smart Statistics

The Smart Statistics application is vulnerable to a cross-site scripting (XSS) vulnerability due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary script code in the context of an unsuspecting user's browser on the affected site. This can lead to the theft of authentication credentials and enable the attacker to launch further attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to update Smart Statistics to the latest version or apply a patch provided by the vendor. Additionally, input validation and sanitization techniques should be implemented to prevent XSS attacks.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/40468/info

Smart Statistics is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Smart Statistics 1.0 is vulnerable; other versions may also be affected. 

http:/www.example.com/74rG37_H057/smart_statistics_admin.php?type=page&name=">><FONT SIZE="70" FACE="courier" COLOR=red><MARQUEE BEHAVIOR=SCROLL HEIGHT=25 WIDTH=300 BGColor=navy>R3d-D3v!L W@S h3R3</MARQUEE></FONT>