Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » X-Stat Cross-Site Scripting Vulnerability

X-Stat Cross-Site Scripting Vulnerability

by Nikola Strahija on March 16th, 2002 X-Stat fails to properly filter arbitrary script code from URL parameters. This makes it prone to cross-site scripting attacks. A remote attacker may create a link which contains malicious script code. When this link is clicked by a web user, the script code will execute in the browser of the web user, in the context of the site running the vulnerable software.


Successful exploitation may enable an attacker to steal cookie-based authentication credentials from a legitimate user of the software.

X-Stat is a freely available web traffic analyzer, written in PHP. It will run on Unix and Linux variants, as well as Microsoft operating systems.

Remote: Yes

Exploit: No

Vulnerable:

Xqus X-Stat 2.2
Xqus X-Stat 2.3


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »