First published: Sun Dec 04 2022
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Awstats Awstats | >=7.0<=7.8 | |
Debian Debian Linux | =10.0 | |
Fedoraproject Fedora | =36 | |
Fedoraproject Fedora | =37 | |
The vulnerability ID for this vulnerability is CVE-2022-46391.
The severity of CVE-2022-46391 is medium.
AWStats 7.x through 7.8, Debian Linux 10.0, Fedora 36, and Fedora 37 are affected by CVE-2022-46391.
The CWE ID for CVE-2022-46391 is CWE-79.
To fix CVE-2022-46391, update to the latest version of AWStats and apply any available patches or security updates for your operating system.