Vulnerabilities > Awstats > Awstats > 7.5

DATE CVE VULNERABILITY TITLE RISK
2022-12-04 CVE-2022-46391 Cross-site Scripting vulnerability in multiple products
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.
network
low complexity
awstats debian fedoraproject CWE-79
6.1
2020-12-12 CVE-2020-35176 Path Traversal vulnerability in multiple products
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format.
network
low complexity
awstats debian fedoraproject CWE-22
5.3
2020-12-07 CVE-2020-29600 Path Traversal vulnerability in multiple products
In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format.
network
low complexity
awstats debian fedoraproject CWE-22
critical
9.8
2018-04-20 CVE-2018-10245 Information Exposure vulnerability in Awstats
A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682.
network
low complexity
awstats CWE-200
5.0
2018-01-03 CVE-2017-1000501 Path Traversal vulnerability in multiple products
Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.
network
low complexity
awstats debian CWE-22
7.5