Category: Client Side Request Forgery

CVE-2017-14620, Stored DOM XSS, SmarterStats V11.3.6347

CVE-2017-14620 SmarterStats V11.3.6347 Renders the Referer Version Identification TL;DR SmarterStats Version 11.3.6347, and possibly prior versions, will Render the Referer Field of HTTP Logfiles in URL /Data/Reports/ReferringURLsWithQueries Reporter David Hoyt | XSS.Cx Commentary This Vulnerability was identified back in 2010 when I Reported other Stored XSS Bugs to SmarterTools. Stored XSS is a powerful exploit […]