Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-4547Cross-site Scripting in Awstats

CWE-79Cross-site Scripting10 documents8 sources
Severity
4.3MEDIUMNVD
EPSS
31.7%
top 3.20%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
AwstatsDebian AwstatsLaurent Destailleur Awstats
Timeline
PublishedOct 31
Latest updateMay 17

Description

Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

debiandebian/awstats< awstats 7.1~dfsg-1 (bookworm)
Debianawstats/awstats< 7.1~dfsg-1+3

🔴Vulnerability Details

2
GHSA
GHSA-vx3h-mw4x-r37x: Unspecified vulnerability in awredir2022-05-17
OSV
CVE-2012-4547: Unspecified vulnerability in awredir2012-10-31

💥Exploits & PoCs

2
Exploit-DB
Cisco Linksys PlayerPT - ActiveX Control SetSource sURL argument Buffer Overflow (Metasploit)2012-08-03
Nuclei
AWStats 6.95/7.0 - 'awredir.pl' Cross-Site Scripting

📋Vendor Advisories

1
Debian
CVE-2012-4547: awstats - Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact...2012

🕵️Threat Intelligence

1
Greynoiseio
NoiseLetter September 2025

💬Community

3
Bugzilla
CVE-2012-4547 awstats: potentially susceptible to XSS attacks2012-10-29
Bugzilla
CVE-2012-4547 awstats: potentially susceptible to XSS attacks [epel-all]2012-10-29
Bugzilla
CVE-2012-4547 awstats: potentially susceptible to XSS attacks [fedora-all]2012-10-29