4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.518 Medium
EPSS
Percentile
97.6%
Secunia reports:
Morgan Todd has discovered a vulnerability in AWStats,
which can be exploited by malicious people to conduct
cross-site scripting attacks.
Input passed in the URL to awstats.pl is not properly
sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a
user’s browser session in context of an affected site.
Successful exploitation requires that the application is
running as a CGI script.