Skip to main content

Awstats

5 CVEs product

Monthly

CVE-2022-46391 MEDIUM PATCH This Month

AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Awstats Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-35176 MEDIUM This Month

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Awstats Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2020-29600 CRITICAL POC Act Now

In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Awstats Debian Linux Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2018-10245 MEDIUM POC This Month

A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Awstats
NVD GitHub
CVSS 3.0
5.3
EPSS
1.9%
CVE-2012-4547 MEDIUM POC THREAT This Month

Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 31.7%.

XSS Awstats
NVD
CVSS 2.0
4.3
EPSS
31.7%
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Awstats Debian Linux +1
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM This Month

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Awstats Debian Linux +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Awstats Debian Linux +1
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM POC This Month

A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Awstats
NVD GitHub
EPSS 32% CVSS 4.3
MEDIUM POC THREAT This Month

Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 31.7%.

XSS Awstats
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy