CVE-2002-2330

Name of the Vulnerable Software and Affected Versions StatsPlus version 1.25

Description The issue concerns a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the HTTP USER AGENT or HTTP REFERER variables, which are then written to stats.html and executed in client browsers.

Recommendations For StatsPlus version 1.25, consider restricting access to the stats.html file to minimize the risk of exploitation, and avoid using the HTTP USER AGENT and HTTP REFERER variables in the stat.pl script until the issue is resolved.