
CVE-2006-1945

Published: 20/04/2006 Updated: 03/11/2008
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 265
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732.

Vulnerable Product

awstats awstats 6.0

awstats awstats 6.2

awstats awstats 6.3

awstats awstats 6.4

awstats awstats 6.5

awstats awstats

awstats awstats 6.1

Vendor Advisories

Debian Bug report logs - #378960 awstats: CVE-2006-3681 CVE-2006-3682: multiple vulnerabilities Package: awstats; Maintainer for awstats is Debian QA Group <packages@qa.debian.org>; Source for awstats is src:awstats (PTS, buildd, popcon) Reported by: Alec Berryman <alec@thened.net> Date: Thu, 20 Jul 2006 02:48:01 UTC ...
Debian Bug report logs - #364443 [CVE-2006-1945]: Cross-site scripting allows script injection in awstats 6.5 and earlier Package: awstats; Maintainer for awstats is Debian QA Group <packages@qa.debian.org>; Source for awstats is src:awstats (PTS, buildd, popcon) Reported by: Micah Anderson <micah@debian.org> Date: S ...

Exploits

source: www.securityfocus.com/bid/17621/info AWStats is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of ...