Vulnerability Details CVE-2008-3921
Multiple cross-site scripting (XSS) vulnerabilities in AWStats Totals 1.0 through 1.14 allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.0%
CVSS Severity
CVSS v2 Score 4.3
References
- http://secunia.com/advisories/31630
- http://securityreason.com/securityalert/4218
- http://userwww.service.emory.edu/~ekenda2/EMORY-2008-01.txt
- http://www.securityfocus.com/archive/1/495770/100/0/threaded
- http://www.telartis.nl/xcms/awstats/
- http://www.vupen.com/english/advisories/2008/2442
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44706
- http://secunia.com/advisories/31630
- http://securityreason.com/securityalert/4218
- http://userwww.service.emory.edu/~ekenda2/EMORY-2008-01.txt
- http://www.securityfocus.com/archive/1/495770/100/0/threaded
- http://www.telartis.nl/xcms/awstats/
- http://www.vupen.com/english/advisories/2008/2442
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44706
Products affected by CVE-2008-3921
-
cpe:2.3:a:telartis_bv:awstats_totals:1.0
-
cpe:2.3:a:telartis_bv:awstats_totals:1.1
-
cpe:2.3:a:telartis_bv:awstats_totals:1.11
-
cpe:2.3:a:telartis_bv:awstats_totals:1.13
-
cpe:2.3:a:telartis_bv:awstats_totals:1.14