Test ID:	1.3.6.1.4.1.25623.1.0.902773
Category:	Web application abuses
Title:	SmarterTools SmarterStats Multiple Vulnerabilities
Summary:	This host is SmarterTools SmarterStats and is prone to multiple; vulnerabilities.
Description:	Summary: This host is SmarterTools SmarterStats and is prone to multiple vulnerabilities. Vulnerability Insight: The flaws are due to an: - Input passed via multiple parameters to multiple scripts are not properly sanitised before being returned to the user. - Error in 'frmGettingStarted.aspx' generates response with GET request, which allows remote attackers obtain sensitive information by reading web-server access logs or and web-server referer logs. Vulnerability Impact: Successful exploitation will let the attackers execute arbitrary HTML and script code in a user's browser session in context of an affected site. Affected Software/OS: SmarterTools SmarterStats version 6.2.4100. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4752 http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html XForce ISS Database: smarterstat-ctheader-unspecified(72204) https://exchange.xforce.ibmcloud.com/vulnerabilities/72204 Common Vulnerability Exposure (CVE) ID: CVE-2011-4751 XForce ISS Database: smartertools-smarterstats-fgs-info-disc(72203) https://exchange.xforce.ibmcloud.com/vulnerabilities/72203 Common Vulnerability Exposure (CVE) ID: CVE-2011-4750
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.