CVE-2011-4752
CVE-2011-4752 is a critical-severity vulnerability in Smartertools Smarterstats with a CVSS 2.0 base score of 10.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Critical (CVSS 2.0 base score 10.0)
- EPSS exploit prediction: 2% (78th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Smartertools Smarterstats
- Published:
- Last modified:
Description
SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue.
Frequently asked questions
- What is CVE-2011-4752?
- SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue.
- How severe is CVE-2011-4752?
- CVE-2011-4752 has a CVSS 2.0 base score of 10.0, rated critical severity.
- Is CVE-2011-4752 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (78th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2011-4752?
- CVE-2011-4752 affects Smartertools Smarterstats. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2011-4752?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- When was CVE-2011-4752 published?
- CVE-2011-4752 was published on 2011-12-16 and last updated on 2026-06-16.
References
- http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72204
Affected products (1)
- cpe:2.3:a:smartertools:smarterstats:6.2.4100:*:*:*:*:*:*:*
More vulnerabilities in Smartertools Smarterstats
- CVE-2011-2159 — Critical (CVSS 10.0): The SmarterTools SmarterStats 6.0 web server omits the Content-Type header for certain resources, which might allow…
- CVE-2011-2158 — Critical (CVSS 10.0): The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might…
- CVE-2011-2148 — Critical (CVSS 10.0): Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary…
- CVE-2011-2155 — High (CVSS 7.5): Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field…
- CVE-2011-2149 — High (CVSS 7.5): Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote attackers to…
- CVE-2017-14620 — Medium (CVSS 6.1): SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL…