Cross-site Scripting Vulnerability in SmarterStats by SmarterTools
CVE-2010-3425

Currently unrated

Key Information:

Vendor: Smartertools
Status: Smarterstats
Vendor: CVE Published:; 16 September 2010

What is CVE-2010-3425?

The SmarterStats application contains a cross-site scripting (XSS) flaw in the UserControls/Popups/frmHelp.aspx component. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML code through the manipulation of the url parameter. It impacts versions 5.3 and 5.3.3819, as well as potentially affecting other similar 5.3 versions. Attackers can exploit this issue to execute malicious scripts in the context of the affected user's session, compromising user data and security.

References

http://secunia.com/advisories/41389

third-party-advisoryx_refsource_SECUNIA

http://cloudscan.blogspot.com/2010/09/vendorsmarterstats-...

x_refsource_MISC

http://www.osvdb.org/67895

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Sep 16, 2010
Vulnerability Reserved
Sep 16, 2010

Smartertools

What is CVE-2010-3425?

References

Timeline