Lucene search

Veracode Vulnerability DatabaseVERACODE:38480

HistoryDec 14, 2022 - 11:05 p.m.

Cross-site Scripting (XSS)

2022-12-1423:05:08

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

awstats

vulnerability

cross-site scripting

hostinfo plugin

net::xwhois

validation checks

EPSS

0.004

Percentile

72.6%

JSON

awstats is vulnerable to cross-site scripting. The vulnerability exists in the hostinfo plugin due to printing a response from Net::XWhois without proper validation checks.

References

github.com/eldy/AWStats/pull/226

lists.debian.org/debian-lts-announce/2022/12/msg00010.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRFYH4DE3COMI3LJCOQQXA4FWOABU6Z2/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYUZIFVB4N3NK4WGNHRNXZKJITCJBJX4/

lists.fedoraproject.org/archives/list/[email protected]/message/GRFYH4DE3COMI3LJCOQQXA4FWOABU6Z2/

lists.fedoraproject.org/archives/list/[email protected]/message/MYUZIFVB4N3NK4WGNHRNXZKJITCJBJX4/

security-tracker.debian.org/tracker/CVE-2022-46391

EPSS

0.004

Percentile

72.6%

JSON

Related for VERACODE:38480