FreeWebStat 1.0 Multiple XSS Vulnerabilities - Exploit-DB

On November 28, 2005, the international platform Exploit-DB published an advisory signed by Francesco Ongaro regarding the FreeWebStat 1.0 software, affected by serious multiple cross-site scripting vulnerabilities. The exploit, catalogued with ID 26635 and associated with CVE-2005-3959, demonstrated how the application did not properly sanitize user-provided input, allowing arbitrary execution of JavaScript code in victims’ browsers. The technical sheet, also archived by SecurityFocus, credits Ongaro as the author of the discovery and provides concrete payload examples, highlighting the risks of cookie theft and session hijacking.