Description
Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945.
CVSS Metrics
- Vector
- AV:N/AC:H/Au:N/C:N/I:P/A:N
- Access Vector
- network
- Access Cmplx
- high
- Auth
- none
- Confidentiality
- none
- Integrity
- partial
- Availability
- none
- Weaknesses
- NVD-CWE-Other
Metadata
- Primary Vendor
- AWSTATS
- Published
- 7/21/2006
- Last Modified
- 4/3/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
awstats : awstats
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.