{"api_version":"1","generated_at":"2026-06-23T12:50:51+00:00","cve":"CVE-2011-4751","urls":{"html":"https://cve.report/CVE-2011-4751","api":"https://cve.report/api/cve/CVE-2011-4751.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2011-4751","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2011-4751"},"summary":{"title":"CVE-2011-4751","description":"SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a \"cross-domain Referer leakage\" issue.","state":"PUBLISHED","assigner":"mitre","published_at":"2011-12-16 11:55:11","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-200","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html","name":"http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Stored + Reflected XSS, SmarterTools 6.x (6.2.4100), Cross Site Scripting, CWE-79, CAPEC-86","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/72203","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/72203","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2011-4751","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4751","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2011","cve_id":"4751","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"smartertools","cpe5":"smarterstats","cpe6":"6.2.4100","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T00:16:34.515Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"smartertools-smarterstats-fgs-info-disc(72203)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/72203"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2011-09-21T00:00:00.000Z","descriptions":[{"lang":"en","value":"SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a \"cross-domain Referer leakage\" issue."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-28T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"smartertools-smarterstats-fgs-info-disc(72203)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/72203"},{"tags":["x_refsource_MISC"],"url":"http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2011-4751","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a \"cross-domain Referer leakage\" issue."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"smartertools-smarterstats-fgs-info-disc(72203)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/72203"},{"name":"http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html","refsource":"MISC","url":"http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2011-4751","datePublished":"2011-12-16T11:00:00.000Z","dateReserved":"2011-12-11T00:00:00.000Z","dateUpdated":"2024-08-07T00:16:34.515Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2011-12-16 11:55:11","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-200","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:smartertools:smarterstats:6.2.4100:*:*:*:*:*:*:*","matchCriteriaId":"1B4A097E-CD4A-4B8A-8704-877DDAA7D872"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2011","CveId":"4751","Ordinal":"1","Title":"CVE-2011-4751","CVE":"CVE-2011-4751","Year":"2011"},"notes":[{"CveYear":"2011","CveId":"4751","Ordinal":"1","NoteData":"SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a \"cross-domain Referer leakage\" issue.","Type":"Description","Title":"CVE-2011-4751"},{"CveYear":"2011","CveId":"4751","Ordinal":"2","NoteData":"2011-12-16","Type":"Other","Title":"Published"},{"CveYear":"2011","CveId":"4751","Ordinal":"3","NoteData":"2017-08-28","Type":"Other","Title":"Modified"}]}}}