CVE-2010-0941

Name of the Vulnerable Software and Affected Versions eTek Systems Hit Counter version 2.0

Description The issue allows remote attackers to inject arbitrary web script or HTML via the PATH INFO to several API endpoints, including "index.php", "inc/login.php", "admin/index.php", and "admin/forgot.php". This can lead to cross-site scripting (XSS) attacks.

Recommendations For version 2.0, consider restricting access to the mentioned API endpoints until a fix is available. As a temporary workaround, avoid using the PATH INFO variable in the affected endpoints.