Vulnerabilities > CVE-2007-2847 - Cross-Site Scripting vulnerability in HLstats

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

hlstats

critical

NVD

Published: 2007-05-24

Updated: 2018-10-16

Summary

Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in HLstats 1.35, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) authusername or (2) authpassword parameter, different vectors than CVE-2007-0840 and CVE-2007-2812.

Vulnerable Configurations

Part	Description	Count
Application	Hlstats Hlstats Hlstats *	1

References

http://osvdb.org/36215
http://www.securityfocus.com/archive/1/469291/100/0/threaded
http://www.securityfocus.com/bid/24102
https://exchange.xforce.ibmcloud.com/vulnerabilities/34450