SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.
References
Configurations
History
21 Nov 2024, 01:32
Type | Values Removed | Values Added |
---|---|---|
References | () http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/72203 - |
Information
Published : 2011-12-16 11:55
Updated : 2024-11-21 01:32
NVD link : CVE-2011-4751
Mitre link : CVE-2011-4751
CVE.ORG link : CVE-2011-4751
JSON object : View
Products Affected
smartertools
- smarterstats
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor