HLstats Search Class Unspecified Cross Site Scripting Vulnerability

Bugtraq ID:	22422
Class:	Input Validation Error
CVE:	CVE-2007-0840
Remote:	Yes
Local:	No
Published:	Feb 06 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	Tobi is credited with the discovery of this vulnerability.
Vulnerable:	HLstats HLstats 1.34
Not Vulnerable:	HLstats HLstats 1.35

HLstats Search Class Unspecified Cross Site Scripting Vulnerability

HLstats is prone to an unspecified cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data.

Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to 1.35 are reported affected by this issue.

HLstats Search Class Unspecified Cross Site Scripting Vulnerability

An attacker can exploit this issue with a browser.

HLstats Search Class Unspecified Cross Site Scripting Vulnerability

Solution:
The vendor has released an updated version that addresses this vulnerability. Please see the references for more information.


HLstats HLstats 1.34

• HLstats HLstats version 1.35
  http://sourceforge.net/project/showfiles.php?group_id=20371

HLstats Search Class Unspecified Cross Site Scripting Vulnerability

References:

• HLstats 1.35 (released 2007-02-06) (HLstats)
  
• HLstats Home Page (HLstats)