PT-2021-15713 · Web-Stat · Web-Stat
Ramuel Gall
·
Published
2021-04-05
·
Updated
2021-04-09
·
CVE-2021-24167
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Web-Stat versions prior to 1.4.0
Description:
The issue concerns the
wts web stat load init function, which sends an XMLHttpRequest request to the "/ajax.htm?action=lookup WP account" endpoint. This function is used when visiting a site running the affected software, potentially allowing the visitor's browser to be used for malicious purposes.Recommendations:
For versions prior to 1.4.0, update to version 1.4.0 or later to resolve the issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Web-Stat