Security Flaw in SmarterStats 6.0 Web Server by SmarterTools
CVE-2011-2154

Currently unrated

Key Information:

Vendor
CVE Published:
20 May 2011

What is CVE-2011-2154?

The SmarterStats 6.0 web server omits the HttpOnly flag from the Set-Cookie header for the loginsettings cookie. Without HttpOnly, client-side script running in the page can read the cookie, which makes it easier for remote attackers to obtain potentially sensitive information stored in it via script access. The result is a risk of unauthorized data exposure, affecting user privacy and security.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
