----------------------------
Title: CVE-2017-14620
----------------------------
TL;DR: SmarterStats version 11.3.6347, and possibly prior versions, renders the Referer field of HTTP log files without escaping in the report at URL /Data/Reports/ReferringURLsWithQueries, so HTML tags placed in that field by a remote client are rendered in the viewer's browser (stored XSS).
----------------------------
Author: David Hoyt
Date: September 29, 2017
----------------------------
CVSS:3.0 Metrics
CVSS:3.0 Vector String: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C/CR:M/MAV:N/MAC:L/MPR:N/MUI:R/MS:U/MC:L/MI:N/MA:N
CVSS:3.0 Scores: Base Score 4.3, Temporal Score 4.1, Environmental Score 4.1
----------------------------
Keywords
----------------------------
CVE-2017-14620, CWE-533, CWE-532, CWE-117, CWE-93, CAPEC-86, CAPEC-79, Stored Document Object Model Cross Site Scripting (Stored DOM XSS), Client Side Request Forgery (CSRF), Open Redirection, HTTP Logfiles, Exploit, PoC, HTML Tags, SmarterStats 11.3
----------------------------
CVE-2017-14620 Requirements
----------------------------
SmarterStats Version 11.3
HTTP Proxy (BurpSuite, Fiddler)
Web Browser (Chrome - Current/Stable)
User Interaction Required - Must Click Referer Link Report
Supported Windows OS
Microsoft .NET 4.5
----------------------------
CVE-2017-14620 Reproduction
----------------------------
Vendor Link: https://www.smartertools.com/smarterstats/website-analytics
Download Link: https://www.smartertools.com/smarterstats/downloads
Step 1: Test with an HTTP log file whose Referer field contains a URL-encoded string with HTML tags, which the report then renders in the browser: http://www.bing.com/search?q=Loading
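The defect described above is a log-to-report injection: a remote client controls the Referer field of a W3C/IIS log line, and the report later embeds it in HTML unescaped. The following is an added example (not SmarterStats code, not from the advisory author) showing the two defensive halves: a scan that flags log entries whose URL-decoded Referer contains HTML tags, and the escaping a report renderer must apply before emitting the field. The log lines, field layout and the `<b>` payload are constructed sample data.

```python
import html
import re
import urllib.parse

# Constructed W3C-style log sample. The last data line carries a URL-encoded
# HTML tag in cs(Referer), the pattern CVE-2017-14620 describes.
SAMPLE_LOG = """\
#Software: constructed sample
#Fields: date time c-ip cs-method cs-uri-stem cs(Referer) sc-status
2017-09-29 10:00:00 203.0.113.5 GET /index.html http://www.bing.com/search?q=shoes 200
2017-09-29 10:00:01 203.0.113.6 GET /about.html - 200
2017-09-29 10:00:02 203.0.113.7 GET /index.html http://www.bing.com/search?q=Loading%3Cb%3Ebold%3C%2Fb%3E 200
"""

# Anything that looks like an opening or closing HTML tag after decoding.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")


def parse_w3c(log_text):
    """Yield one dict (field name -> value) per data line, driven by the #Fields header."""
    fields = None
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
            continue
        if line.startswith("#") or not line.strip():
            continue  # other directives and blank lines
        if fields is None:
            raise ValueError("data line appears before the #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed line: field count does not match the header
        yield dict(zip(fields, values))


def find_html_referers(log_text):
    """Return (raw, decoded) pairs for entries whose decoded Referer contains an HTML tag."""
    hits = []
    for rec in parse_w3c(log_text):
        raw = rec.get("cs(Referer)", "-")
        if raw == "-":
            continue  # no referer recorded
        decoded = urllib.parse.unquote_plus(raw)  # the report decodes before display
        if TAG_RE.search(decoded):
            hits.append((raw, decoded))
    return hits


def render_referer_cell(raw_referer):
    """Decode, then HTML-escape the Referer before placing it in a report table cell."""
    decoded = urllib.parse.unquote_plus(raw_referer)
    return "<td>%s</td>" % html.escape(decoded, quote=True)
```

Run `find_html_referers` over an existing log archive to locate entries that would have been rendered by an unpatched report, and apply `render_referer_cell` (or the equivalent encoder in the report's own framework) to every log-derived value that reaches the page.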