Lucene search

[email protected]CVE-2006-3681

HistoryJul 21, 2006 - 2:03 p.m.

CVE-2006-3681

2006-07-2114:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-3681

xss

awstats

vulnerability

remote attackers

web script

html

5.5 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945.

CPENameOperatorVersion
awstats:awstatsawstatsle6.5_1.857

CPE	Name	Operator	Version
awstats:awstats	awstats	le	6.5_1.857

References

pridels0.blogspot.com/2006/04/awstats-65x-multiple-vuln.html

secunia.com/advisories/19725

secunia.com/advisories/22306

www.ubuntu.com/usn/usn-360-1

www.vupen.com/english/advisories/2006/1421

exchange.xforce.ibmcloud.com/vulnerabilities/25879

5.5 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.1%

JSON

Related for CVE-2006-3681

ubuntucve3 cvelist3 debiancve3 cve2 prion2 openvas6 ubuntu1 nessus2 gentoo1