Smartertools Smarterstats — known CVE vulnerabilities
Every CVE whose affected-product data names Smartertools Smarterstats, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2011-2148 — CVSS 10.0 (critical): Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors…
CVE-2011-4752 — CVSS 10.0 (critical): SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have…
CVE-2011-2159 — CVSS 10.0 (critical): The SmarterTools SmarterStats 6.0 web server omits the Content-Type header for certain resources, which might allow remote attackers to…
CVE-2011-2158 — CVSS 10.0 (critical): The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers…
CVE-2011-2155 — CVSS 7.5 (high): Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the…
CVE-2011-2149 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote attackers to execute arbitrary SQL…
CVE-2017-14620 — CVSS 6.1 (medium): SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in…
CVE-2011-2154 — CVSS 5.0 (medium): login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings…
CVE-2011-2153 — CVSS 5.0 (medium): Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string…
CVE-2011-2156 — CVSS 5.0 (medium): The SmarterTools SmarterStats 6.0 web server allows remote attackers to obtain directory listings via a direct request for the (1) Admin/…
CVE-2011-2157 — CVSS 5.0 (medium): The (1) Admin/frmEmailReportSettings.aspx and (2) Admin/frmGeneralSettings.aspx components in the SmarterTools SmarterStats 6.0 web server…
CVE-2011-2152 — CVSS 5.0 (medium): The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings…
CVE-2011-2151 — CVSS 5.0 (medium): The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSettings.aspx, (3) Admin/frmSite.aspx, (4) Client/frmUser.aspx, and (5)…
CVE-2011-4751 — CVSS 5.0 (medium): SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for…
CVE-2011-2150 — CVSS 5.0 (medium): The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which…
CVE-2010-3425 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5.3.3819, and possibly other 5.3…