CVE-2006-3681

Published: 21/07/2006 Updated: 20/07/2017
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945.
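A defender reviewing web server logs for requests that touch the six parameters named above can use the following added example, which is not part of the original advisory or of AWStats. The log lines are constructed samples, the function names are hypothetical, and matching parameter names case-insensitively is a conservative assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# The six query parameters named in the CVE-2006-3681 summary.
FILTER_PARAMS = {
    "refererpagesfilter", "refererpagesfilterex", "urlfilterex",
    "urlfilter", "hostfilter", "hostfilterex",
}
# Characters that can open markup or break out of an HTML attribute.
HTML_META = re.compile(r"[<>\"']")
# Request line of a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(url):
    """Return the filter parameters whose decoded value holds HTML metacharacters."""
    parts = urlsplit(url)
    if not parts.path.endswith("awstats.pl"):
        return []
    hits = set()
    # parse_qsl percent-decodes each value once, as the CGI would see it.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # Assumption: names are compared case-insensitively to be conservative.
        if name.lower() in FILTER_PARAMS and HTML_META.search(value):
            hits.add(name.lower())
    return sorted(hits)

def scan(lines):
    """Yield (line_number, client, params) for each log line worth reviewing."""
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        params = suspicious_params(m.group(1))
        if params:
            yield n, line.split(" ", 1)[0], params

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Jul/2006:10:00:01 +0000] "GET /cgi-bin/awstats.pl?config=example&output=urldetail&urlfilter=%5E%2Fdocs%2F HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [21/Jul/2006:10:00:09 +0000] "GET /cgi-bin/awstats.pl?config=example&output=allhosts&hostfilter=%22%3E%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 4870 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [21/Jul/2006:10:00:12 +0000] "GET /index.html?hostfilter=%3Cb%3E HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, client, params in scan(SAMPLE_LOG):
        print(f"line {n}: {client} sent markup in {', '.join(params)}")
```

Only parameters carried in the query string appear in an access log, so values sent in a POST body are outside what this check can see.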

Vulnerable Product

awstats awstats

Vendor Advisories

Debian Bug report logs - #378960: awstats: CVE-2006-3681 CVE-2006-3682: multiple vulnerabilities
Package: awstats; Maintainer for awstats is Debian QA Group <packages@qa.debian.org>; Source for awstats is src:awstats
Reported by: Alec Berryman <alec@thened.net>
Date: Thu, 20 Jul 2006 02:48:01 UTC ...

awstats did not fully sanitize input, which was passed directly to the user’s browser, allowing for an XSS attack. If a user was tricked into following a specially crafted awstats URL, the user’s authentication information could be exposed for the domain where awstats was hosted (CVE-2006-3681) ...