StatCounter.com suffers from cross site scripting vulnerabilities due to completely trusting the user supplied HTTP referrer field.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/57971/statcounter-xss.txt
Source: https://packetstormsecurity.com/files/57971/statcounter-xss.txt.html