PT-2026-44203 · Veronalabs+1 · Slimstat Analytics+1

Supakiad S

·

Published

2026-05-28

·

Updated

2026-05-28

·

CVE-2026-7634

CVSS v3.1

7.2

High

VectorAV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions SlimStat Analytics versions prior to 5.4.12
Description Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Stored Cross-Site Scripting (XSS) via the User-Agent header. This enables the injection of arbitrary web scripts into pages that execute when a user accesses them. This issue requires the show complete user agent tooltip setting to be explicitly enabled by an administrator to render and execute the stored payload.
Recommendations Update SlimStat Analytics to version 5.4.12 or later. Disable the show complete user agent tooltip setting to prevent the execution of stored payloads.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-7634

Affected Products

Slimstat Analytics
Wp Slimstat