Stored Cross Site Scripting in SmarterStats by Insightful Corporation
CVE-2017-14620

6.1MEDIUM

Key Information:

Vendor: Smartertools
Status: Smarterstats
Vendor: CVE Published:; 30 September 2017

What is CVE-2017-14620?

An identified vulnerability in SmarterStats Version 11.3.6347 allows for the manipulation of HTTP log files, specifically rendering the Referer field from the URL /Data/Reports/ReferringURLsWithQueries. This flaw enables an attacker to inject malicious scripts, which are then stored and can be triggered when users access those logs, leading to potential unauthorized actions and data exposure.

References

https://www.exploit-db.com/exploits/42923/

exploitx_refsource_EXPLOIT-DB

http://xss.cx/cve/2017/14620/smarterstats.v11-3-6347.html

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 30, 2017
Vulnerability Reserved
Sep 20, 2017

Smartertools

What is CVE-2017-14620?

References

CVSS V3.1

Timeline