[email protected]NVD:CVE-2008-3714

HistoryAug 19, 2008 - 7:41 p.m.

CVE-2008-3714

2008-08-1919:41:00

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.518 Medium

EPSS

Percentile

97.6%

JSON

Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945.

Affected configurations

NVD

Node

awstatsawstatsMatch6.8

References

awstats.sourceforge.net/docs/awstats_changelog.txt

bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432

secunia.com/advisories/31519

secunia.com/advisories/31759

secunia.com/advisories/32939

secunia.com/advisories/33002

sourceforge.net/tracker/index.php?func=detail&aid=2001151&group_id=13764&atid=113764

www.debian.org/security/2008/dsa-1679

www.mandriva.com/security/advisories?name=MDVSA-2008:203

www.securityfocus.com/bid/30730

www.securitytracker.com/id?1020704

www.ubuntu.com/usn/usn-686-1

www.vupen.com/english/advisories/2008/2399

exchange.xforce.ibmcloud.com/vulnerabilities/44504

www.redhat.com/archives/fedora-package-announce/2008-September/msg00107.html

www.redhat.com/archives/fedora-package-announce/2008-September/msg00355.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.518 Medium

EPSS

Percentile

97.6%

JSON

Related for NVD:CVE-2008-3714

prion3 debiancve4 cve4 ubuntucve4 cvelist4 openvas24 nvd3 nessus10 debian1 fedora6 osv1 seebug1 ubuntu2 redhatcve1 freebsd1 gentoo1 securityvulns1