Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-3714: Cross-site Scripting in Awstats

CWE-79: Cross-site Scripting | 15 documents | 9 sources
Severity: 4.3 MEDIUM (NVD)
OSV: 2.6
EPSS: 4.1% (top 11.46%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Aug 19
Latest update: May 17

Description

Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (3 packages)

debian | debian/awstats | < awstats 6.7.dfsg-5.1 (bookworm)
Debian | awstats/awstats | < 6.7.dfsg-5.1+3
NVD | awstats/awstats | 6.8+19

🔴 Vulnerability Details (4)

GHSA | GHSA-hmvc-j5gw-8prm: awstats | 2022-05-17
GHSA | GHSA-5pfp-c3pj-vr5r: Cross-site scripting (XSS) vulnerability in awstats | 2022-05-02
OSV | CVE-2008-5080: awstats | 2008-12-03
OSV | CVE-2008-3714: Cross-site scripting (XSS) vulnerability in awstats | 2008-08-19

💥 Exploits & PoCs (1)

Exploit-DB | AWStats 6.8 - 'AWStats.pl' Cross-Site Scripting | 2008-08-18

🔍 Detection Rules (1)

Suricata | ET WEB_SPECIFIC_APPS Possible AWStats awstats.pl Cross-Site Scripting Attempt | 2010-07-30

📋 Vendor Advisories (5)

Ubuntu | AWStats vulnerability | 2008-12-04
Red Hat | awstats: Cross-site scripting (XSS) vulnerability | 2008-06-23
Debian | CVE-2008-5080: awstats - awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters,... | 2008
Debian | CVE-2008-3714: awstats - Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows rem... | 2008
Red Hat | awstats: incomplete fix for CVE-2008-3714 XSS issue

💬 Community (2)

Bugzilla | CVE-2008-5080 awstats: incomplete fix for CVE-2008-3714 XSS issue | 2008-12-03
Bugzilla | CVE-2008-3714 awstats: Cross-site scripting (XSS) vulnerability | 2008-08-20