CVE-2012-5341

Otterware StatIt 4 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in statistik.php in Otterware StatIt 4 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter, (2) show parameter in a stat_tld action, or (3) order parameter in a stat_abfragen action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by sonyy · textwebappsphp

https://www.exploit-db.com/exploits/36499

View Code ZIP pw:eip

References (4)

[Exploit] http://packetstormsecurity.org/files/108340/statit4-xss.txt

[Exploit] http://st2tea.blogspot.com/2012/01/otterware-statit4-cross-site-scripting.html

[Exploit] http://www.securityfocus.com/bid/51280

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/72139

Scores

EPSS 0.0322

EPSS Percentile 86.9%

Classification

CWE

CWE-79

Status published

Affected Products (2)

otterware/statit

n/a/n/a

Timeline

Published Oct 09, 2012

Tracked Since Feb 18, 2026