CVE-2011-2150

SmarterStats 6.0 - Denial of Service via XML Injection in Admin and Client Pages

Title source: llm
STIX 2.1

Description

The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error and daemon pause) via vectors involving (1) certain cookies in a SiteInfoLookup action to Admin/frmSites.aspx, or certain (2) cookies or (3) parameters to (a) Client/frmViewOverviewReport.aspx, (b) Client/frmViewReports.aspx, or (c) Services/SiteAdmin.asmx, as demonstrated by a ]]>> string, related to an "XML injection" issue.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/67832
US Government Resource x_refsource_misc
http://www.kb.cert.org/vuls/id/MORO-8GYQR4
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/240150

Scores

EPSS 0.0302
EPSS Percentile 85.9%

Details

CWE
CWE-20
Status published
Products (1)
smartertools/smarterstats 6.0
Published May 20, 2011
Tracked Since Feb 18, 2026