PT-2026-44203 · Veronalabs+1 · Slimstat Analytics+1
Supakiad S
·
Published
2026-05-28
·
Updated
2026-05-28
·
CVE-2026-7634
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SlimStat Analytics versions prior to 5.4.12
Description
Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Stored Cross-Site Scripting (XSS) via the
User-Agent header. This enables the injection of arbitrary web scripts into pages that execute when a user accesses them. This issue requires the show complete user agent tooltip setting to be explicitly enabled by an administrator to render and execute the stored payload.Recommendations
Update SlimStat Analytics to version 5.4.12 or later.
Disable the
show complete user agent tooltip setting to prevent the execution of stored payloads.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Slimstat Analytics
Wp Slimstat