Vulnerabilities > Smartertools > Smarterstats > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-30 | CVE-2017-14620 | Cross-site Scripting vulnerability in Smartertools Smarterstats 11.3.6347 SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting. | 4.3 |
| 2011-12-16 | CVE-2011-4751 | Information Exposure vulnerability in Smartertools Smarterstats 6.2.4100 SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. | 5.0 |
| 2011-12-16 | CVE-2011-4750 | Cross-Site Scripting vulnerability in Smartertools Smarterstats 6.2.4100 Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files. | 4.3 |
| 2011-05-20 | CVE-2011-2157 | Permissions, Privileges, and Access Controls vulnerability in Smartertools Smarterstats 6.0 The (1) Admin/frmEmailReportSettings.aspx and (2) Admin/frmGeneralSettings.aspx components in the SmarterTools SmarterStats 6.0 web server generate web pages containing e-mail addresses, which allows remote attackers to obtain potentially sensitive information by reading the default values of form fields. | 5.0 |
| 2011-05-20 | CVE-2011-2156 | Information Exposure vulnerability in Smartertools Smarterstats 6.0 The SmarterTools SmarterStats 6.0 web server allows remote attackers to obtain directory listings via a direct request for the (1) Admin/, (2) Admin/Defaults/, (3) Admin/GettingStarted/, (4) Admin/Popups/, (5) App_Themes/, (6) Client/, (7) Client/Popups/, (8) Services/, (9) Temp/, (10) UserControls/, (11) UserControls/PanelBarTemplates/, (12) UserControls/Popups/, (13) aspnet_client/, or (14) aspnet_client/system_web/ directory name, or (15) certain directory names under App_Themes/Default/. | 5.0 |
| 2011-05-20 | CVE-2011-2154 | Information Exposure vulnerability in Smartertools Smarterstats 6.0 login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 5.0 |
| 2011-05-20 | CVE-2011-2153 | Information Exposure vulnerability in Smartertools Smarterstats 6.0 Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discover credentials by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, related to a "cross-domain Referer leakage" issue. | 5.0 |
| 2011-05-20 | CVE-2011-2152 | Information Exposure vulnerability in Smartertools Smarterstats 6.0 The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for (1) Client/frmViewReports.aspx or (2) UserControls/Popups/frmHelp.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (a) web-server access logs or (b) web-server Referer logs, related to a "cross-domain Referer leakage" issue. | 5.0 |
| 2011-05-20 | CVE-2011-2151 | Cryptographic Issues vulnerability in Smartertools Smarterstats 6.0 The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSettings.aspx, (3) Admin/frmSite.aspx, (4) Client/frmUser.aspx, and (5) Login.aspx components in the SmarterTools SmarterStats 6.0 web server accept cleartext passwords, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | 5.0 |
| 2011-05-20 | CVE-2011-2150 | Improper Input Validation vulnerability in Smartertools Smarterstats 6.0 The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error and daemon pause) via vectors involving (1) certain cookies in a SiteInfoLookup action to Admin/frmSites.aspx, or certain (2) cookies or (3) parameters to (a) Client/frmViewOverviewReport.aspx, (b) Client/frmViewReports.aspx, or (c) Services/SiteAdmin.asmx, as demonstrated by a ]]>> string, related to an "XML injection" issue. | 5.0 |