awstats is vulnerable to cross-site scripting. The vulnerability exists in the hostinfo
plugin due to printing a response from Net::XWhois
without proper validation checks.
github.com/eldy/AWStats/pull/226
lists.debian.org/debian-lts-announce/2022/12/msg00010.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRFYH4DE3COMI3LJCOQQXA4FWOABU6Z2/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYUZIFVB4N3NK4WGNHRNXZKJITCJBJX4/
lists.fedoraproject.org/archives/list/[email protected]/message/GRFYH4DE3COMI3LJCOQQXA4FWOABU6Z2/
lists.fedoraproject.org/archives/list/[email protected]/message/MYUZIFVB4N3NK4WGNHRNXZKJITCJBJX4/
security-tracker.debian.org/tracker/CVE-2022-46391