Statcounter Script Injection User Session Hijack

This advisory identifies a vulnerability that can disclose the authentication and session information of the all registered users of statcounter. is one of the best and most well known website monitoring applications on the Internet. More than 1/2 million website’s link to it according to google.


  • Nathan House

    Nathan House is the founder and CEO of StationX. He has over 25 years of experience in cyber security, where he has advised some of the largest companies in the world. Nathan is the author of the popular "The Complete Cyber Security Course", which has been taken by over half a million students in 195 countries. He is the winner of the AI "Cyber Security Educator of the Year 2020" award and finalist for Influencer of the year 2022.