CVE-2006-1945
published 2006-04-20

Priority: P4 | 16 | low | 2.6 (CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 4.83% (90.9th percentile)

Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732.

Affected

18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| awstats | awstats | <= 6.5_1.857 | |
| awstats | awstats | | |
| awstats | awstats | | |
| awstats | awstats | | |
| awstats | awstats | | |
| awstats | awstats | | |
| awstats | awstats | | |
| awstats | awstats | | |
| awstats | awstats | >= 0 < 6.5-2 | 6.5-2 |
| awstats | awstats | >= 0 < 6.7.dfsg-5.1 | 6.7.dfsg-5.1 |
| awstats | awstats | >= 0 < 6.5-2 | 6.5-2 |
| awstats | awstats | >= 0 < 6.7.dfsg-5.1 | 6.7.dfsg-5.1 |
| awstats | awstats | >= 0 < 6.5-2 | 6.5-2 |
| awstats | awstats | >= 0 < 6.7.dfsg-5.1 | 6.7.dfsg-5.1 |
| awstats | awstats | >= 0 < 6.5-2 | 6.5-2 |
| awstats | awstats | >= 0 < 6.7.dfsg-5.1 | 6.7.dfsg-5.1 |
| debian | awstats | < awstats 6.7.dfsg-5.1 (bookworm) | awstats 6.7.dfsg-5.1 (bookworm) |
| debian | awstats | < awstats 6.5-2 (bookworm) | awstats 6.5-2 (bookworm) |

CVSS provenance

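| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 2.6 | LOW | AV:N/AC:H/Au:N/C:N/I:P/A:N |
| osv | | 5.0 | MEDIUM | |
| vendor_debian | | 5.0 | MEDIUM | |
| vendor_redhat | | 2.6 | LOW | |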