Vulnerability Details CVE-2008-3921
Multiple cross-site scripting (XSS) vulnerabilities in AWStats Totals 1.0 through 1.14 allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 65.8%
CVSS Severity
CVSS v2 Score 4.3
References
- http://secunia.com/advisories/31630
- http://securityreason.com/securityalert/4218
- http://userwww.service.emory.edu/~ekenda2/EMORY-2008-01.txt
- http://www.securityfocus.com/archive/1/495770/100/0/threaded
- http://www.telartis.nl/xcms/awstats/
- http://www.vupen.com/english/advisories/2008/2442
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44706
- http://secunia.com/advisories/31630
- http://securityreason.com/securityalert/4218
- http://userwww.service.emory.edu/~ekenda2/EMORY-2008-01.txt
- http://www.securityfocus.com/archive/1/495770/100/0/threaded
- http://www.telartis.nl/xcms/awstats/
- http://www.vupen.com/english/advisories/2008/2442
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44706
Products affected by CVE-2008-3921
-
cpe:2.3:a:telartis_bv:awstats_totals:1.0
-
cpe:2.3:a:telartis_bv:awstats_totals:1.1
-
cpe:2.3:a:telartis_bv:awstats_totals:1.11
-
cpe:2.3:a:telartis_bv:awstats_totals:1.13
-
cpe:2.3:a:telartis_bv:awstats_totals:1.14