Vulnerabilities > Awstats > Awstats > 5.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-04-20 | CVE-2006-1945 | Cross-Site Scripting vulnerability in AWStats AWstats.PL Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. | 2.6 |
| 2005-08-30 | CVE-2005-2732 | Information Disclosure vulnerability in AWStats AWStats 6.4, and possibly earlier versions, allows remote attackers to obtain sensitive information via a file that does not exist in the config parameter, which reveals the path in an error message. | 5.0 |
| 2005-02-09 | CVE-2005-0362 | Local Security vulnerability in AWStats awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "pluginmode", (2) "loadplugin", or (3) "noloadplugin" parameters. | 4.6 |
| 2005-01-18 | CVE-2005-0116 | Improper Input Validation vulnerability in Awstats AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl. | 7.5 |