XML Injection Vulnerability in SmarterStats Web Server by SmarterTools
CVE-2011-2150

Currently unrated

Key Information:

Vendor: Smartertools
Status: Smarterstats
Vendor: CVE Published:; 20 May 2011

What is CVE-2011-2150?

The SmarterTools SmarterStats 6.0 web server is susceptible to an XML injection vulnerability due to improper validation of string data intended for storage in XML documents. This flaw enables remote attackers to exploit specific vectors involving cookies and parameters, leading to potential denial of service through parsing errors and service interruptions. Key affected endpoints include Admin/frmSites.aspx, Client/frmViewOverviewReport.aspx, Client/frmViewReports.aspx, and Services/SiteAdmin.asmx, where specific crafted inputs could disrupt normal operations.

References

http://xss.cx/examples/smarterstats-60-oscommandinjection...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/67832

vdb-entryx_refsource_XF

http://www.kb.cert.org/vuls/id/MORO-8GYQR4

x_refsource_MISC

Timeline

Vulnerability published
May 20, 2011
Vulnerability Reserved
May 20, 2011

Smartertools

What is CVE-2011-2150?

References

Timeline