FreeWebStat Multiple XSS Vulnerabilities Name Multiple XSS Vulnerabilities in FreeWebStat Systems Affected FreeWebStat (verified on 1.0 rev37) Severity Medium Risk Vendor www.freewebstat.com Advisory http://www.ush.it/2005/11/25/free-web-stat/ Author Francesco "aScii" Ongaro (ascii at katamail . com) Date 20051125 FreeWebStat 1.0 rev37 (the last version at the write time) is vulnerable to multiple XSS. The impact is a little bigger since datas will be stored in a flat file and the result of a single query will persist for some time on the backend. A well-timed loop of requests will assure the XSS to be permanent. This can be used to inject arbitrary JS code into the page and make the JS pseudo-permanent, so other users will execute the JS without the need of any special url. Advisory released on 20051125: Free Web Stat Multiple XSS Vulnerabilities http://www.ush.it/2005/11/25/free-web-stat/
