CVE-2011-4751
SmarterStats 6.2.4100 - Cross-Domain Referer Leakage via frmGettingStarted.aspx
Title source: llmDescription
SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.
References (2)
Core 2
Core References
Various Sources x_refsource_misc
http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72203
Scores
EPSS
0.0116
EPSS Percentile
63.4%
Details
CWE
CWE-200
Status
published
Products (1)
smartertools/smarterstats
6.2.4100
Published
Dec 16, 2011
Tracked Since
Feb 18, 2026