Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-46391HistoryDec 04, 2022 - 3:15 a.m.
CVE-2022-46391
2022-12-0403:15:09
Debian Security Bug Tracker
security-tracker.debian.org
17
awstats
xss
hostinfo
net::xwhois
unix
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.004
Percentile
72.6%
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | awstats | < 7.8-3 | awstats_7.8-3_all.deb |
| Debian | 11 | all | awstats | < 7.8-2+deb11u1 | awstats_7.8-2+deb11u1_all.deb |
| Debian | 999 | all | awstats | < 7.8-3 | awstats_7.8-3_all.deb |
| Debian | 13 | all | awstats | < 7.8-3 | awstats_7.8-3_all.deb |
Related
openvas
openvas
Ubuntu: Security Advisory (USN-5899-1)
2023-03-02 00:00:00
Fedora: Security Advisory for awstats (FEDORA-2023-fda5480804)
2023-01-18 00:00:00
Debian: Security Advisory (DLA-3225-1)
2022-12-06 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: awstats-7.8-9.fc36
2023-01-18 01:41:15
[SECURITY] Fedora 37 Update: awstats-7.8-9.fc37
2023-01-18 01:43:27
veracode
veracode
Cross-site Scripting (XSS)
2022-12-14 23:05:08
nessus
nessus
Debian DLA-3225-1 : awstats - LTS security update
2022-12-05 00:00:00
Fedora 36 : awstats (2023-fda5480804)
2023-01-18 00:00:00
cve
cve
CVE-2022-46391
2022-12-04 03:15:09
prion
prion
Cross site scripting
2022-12-04 03:15:00
ubuntucve
ubuntucve
CVE-2022-46391
2022-12-04 00:00:00
debian
debian
[SECURITY] [DLA 3225-1] awstats security update
2022-12-05 13:07:08
osv
osv
awstats vulnerability
2023-02-28 08:23:55
CVE-2022-46391
2022-12-04 03:15:09
awstats - security update
2022-12-05 00:00:00
ubuntu
ubuntu
AWStats vulnerability
2023-02-28 00:00:00
alpinelinux
alpinelinux
CVE-2022-46391
2022-12-04 03:15:09
cvelist
cvelist
CVE-2022-46391
2022-12-04 00:00:00
nvd
nvd
CVE-2022-46391
2022-12-04 03:15:09
mageia
mageia
Updated awstats packages fix security vulnerability
2022-12-14 01:09:19
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.004
Percentile
72.6%
Related for DEBIANCVE:CVE-2022-46391