CVE-2025-49890 WordPress AWStats Script plugin <= 0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jorge Garcia de Bustos AWStats Script allows Stored XSS. This issue affects AWStats Script: from n/a through 0.3...

WordPress plugin AWStats Script 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-33958 · Jorge Garcia De Bustos · Awstats Script

Name of the Vulnerable Software and Affected Versions: AWStats Script versions n/a through 0.3 Description: An improper neutralization of input during web page generation issue, specifically a Stored Cross-site Scripting XSS flaw, exists in Jorge Garcia de Bustos AWStats Script. This allows for t...

WordPress AWStats Script plugin <= 0.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin AWStats Script versions = 0.3...

CVE-2018-20912

cPanel before 70.0.23 allows demo accounts to execute code via awstats SEC-362...

CVE-2010-4368

awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname...

CVE-2009-5020

Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...

Fedora 37 : awstats (2023-b645c7feda)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b645c7feda advisory. Security fix for CVE-2022-46391 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

USN-5899-1: AWStats vulnerability

It was discovered that AWStats did not properly sanitize the content of whois responses in the hostinfo plugin. An attacker could possibly use this issue to conduct cross-site scripting XSS attacks...

USN-5899-1 awstats vulnerability

It was discovered that AWStats did not properly sanitize the content of whois responses in the hostinfo plugin. An attacker could possibly use this issue to conduct cross-site scripting XSS attacks...

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : AWStats vulnerability (USN-5899-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5899-1 advisory. It was discovered that AWStats did not properly sanitize the content of whois responses in the hostinfo plugin. An attacker...

SUSE CVE-2005-0116

AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl...

SUSE CVE-2005-0363

awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter...

SUSE CVE-2005-0362

awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 "pluginmode", 2 "loadplugin", or 3 "noloadplugin" parameters...

SUSE CVE-2005-0436

Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter...

SUSE CVE-2005-1527

Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call...

SUSE CVE-2006-1945

Cross-site scripting XSS vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732...

SUSE CVE-2006-2237

The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter...

SUSE CVE-2006-2644

AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...

SUSE CVE-2006-3681

Multiple cross-site scripting XSS vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 refererpagesfilter, 2 refererpagesfilterex, 3 urlfilterex, 4 urlfilter, 5 hostfilter, or 6 hostfilterex parameters, a...