Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent malicious users to discover credentials by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, related to a "cross-domain Referer leakage" issue.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
smartertools smarterstats 6.0 |