Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2006-1945 — Cross-site Scripting in Awstats
Severity
4.3MEDIUMNVD
NVD2.6OSV5.0OSV2.6
EPSS
3.8%
top 11.85%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedApr 20
Latest updateMay 2
Description
Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732.
CVSS vector
AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9
Affected Packages3 packages
🔴Vulnerability Details
6💥Exploits & PoCs
1Exploit-DB
▶
📋Vendor Advisories
4Debian▶
CVE-2008-3714: awstats - Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows rem...↗2008
Debian▶
CVE-2006-1945: awstats - Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlie...↗2006
Debian▶
CVE-2006-3681: awstats - Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5...↗2006