SUSE CVE-2006-1945

Cross-site scripting XSS vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732...

AWStats awstats.pl跨站脚本漏洞

BUGTRAQ ID: 30730 CVECAN ID: CVE-2008-3714 AWStats是一款流行的基于Web的网站流量分析软件。 AWStats的awstats.pl脚本没有正确地过滤config请求参数，如果用户跟随了恶意链接的话就可能导致在浏览器会话中注入并执行任意web脚本或HTML代码。 AWStats 6.8 Debian ------ Debian已经为此发布了一个安全公告（DSA-1679-1）以及相应补丁: DSA-1679-1：New awstats packages fix cross-site scripting...

CVE-2008-3714

Cross-site scripting XSS vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the querystring, a different vulnerability than CVE-2006-3681 and CVE-2006-1945...

CVE-2006-1945

CVE-2006-1945 is an XSS vulnerability in AWStats 6.5 and earlier, affecting awstats.pl via the config parameter. An attacker could inject arbitrary web script or HTML. The description notes a possible correlation with CVE-2005-2732, but no explicit remediation details are provided in the document...

CVE-2005-1527

Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call...