CVE-2022-46391 — Cross-site Scripting in Awstats

Severity

6.1MEDIUMNVD

EPSS

1.0%

top 23.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedDec 4

Latest updateFeb 28

Description

AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

▶debiandebian/awstats< awstats 7.8-3 (bookworm)

▶Debianawstats/awstats< 7.8-2+deb11u1+3

▶NVDawstats/awstats7.0 — 7.8

Also affects: Debian Linux 10.0, Fedora 36, 37

OSV

CVE-2022-46391: AWStats 7↗2022-12-04

▶

GHSA

GHSA-j6xf-hwqw-qjg4: AWStats 7↗2022-12-04

▶

Ubuntu

AWStats vulnerability↗2023-02-28

▶

Debian

CVE-2022-46391: awstats - AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a resp...↗2022

▶