
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files. • http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Dec 2011 — SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. • http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Dec 2011 — SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue. • http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html