CVE-2005-3959 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1) site, (2) jsref, (3) jsres, and (4) jscolor parameters to pixel.php, which are not sanitized before being included in the logdb.html file, and (5) the search key to stat.php.
Reference
http://secunia.com/advisories/17783
http://securitytracker.com/id?1015301
http://www.freewebstat.com/changelog-english.html
http://www.osvdb.org/21207
http://www.securityfocus.com/archive/1/417902/100/0/threaded
http://www.securityfocus.com/bid/15601
http://www.ush.it/2005/11/25/free-web-stat/
http://www.vupen.com/english/advisories/2005/2646
https://exchange.xforce.ibmcloud.com/vulnerabilities/23387
https://exchange.xforce.ibmcloud.com/vulnerabilities/23391