header-logo
Suggest Exploit
vendor:
Smart Statistics
by:
Unknown
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: Smart Statistics
Affected Version From: 1
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Cross-Site Scripting Vulnerability in Smart Statistics

The Smart Statistics application is vulnerable to a cross-site scripting (XSS) vulnerability due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary script code in the context of an unsuspecting user's browser on the affected site. This can lead to the theft of authentication credentials and enable the attacker to launch further attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to update Smart Statistics to the latest version or apply a patch provided by the vendor. Additionally, input validation and sanitization techniques should be implemented to prevent XSS attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/40468/info

Smart Statistics is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Smart Statistics 1.0 is vulnerable; other versions may also be affected. 

http:/www.example.com/74rG37_H057/smart_statistics_admin.php?type=page&name=">><FONT SIZE="70" FACE="courier" COLOR=red><MARQUEE BEHAVIOR=SCROLL HEIGHT=25 WIDTH=300 BGColor=navy>R3d-D3v!L W@S h3R3</MARQUEE></FONT>