Vulnerabilities > Awstats > Awstats > 7.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-04 | CVE-2022-46391 | Cross-site Scripting vulnerability in multiple products AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. | 6.1 |
| 2020-12-12 | CVE-2020-35176 | Path Traversal vulnerability in multiple products In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. | 5.3 |