Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/awstats@6.5-2?distro=trixie
purl pkg:deb/debian/awstats@6.5-2?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (5)
Vulnerability Summary Aliases
VCID-48cr-bq8t-fqd3 Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945. CVE-2006-3681
VCID-7896-2ufa-kqd1 awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters. CVE-2006-3682
VCID-gtjm-xaua-5bhm AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive. CVE-2006-2644
VCID-sy25-mjxc-47bn AWStats contains a bug in the sanitization of the input parameters which can lead to the remote execution of arbitrary code. CVE-2006-1945
VCID-xwvz-ewcf-x7fm AWStats contains a bug in the sanitization of the input parameters which can lead to the remote execution of arbitrary code. CVE-2006-2237

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T11:26:46.798893+00:00 Debian Importer Fixing VCID-7896-2ufa-kqd1 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:56:52.373127+00:00 Debian Importer Fixing VCID-xwvz-ewcf-x7fm https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:26:40.194898+00:00 Debian Importer Fixing VCID-gtjm-xaua-5bhm https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:33:27.935023+00:00 Debian Importer Fixing VCID-48cr-bq8t-fqd3 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:13:12.229047+00:00 Debian Importer Fixing VCID-sy25-mjxc-47bn https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T07:47:54.387636+00:00 Debian Importer Fixing VCID-7896-2ufa-kqd1 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:25:28.234634+00:00 Debian Importer Fixing VCID-xwvz-ewcf-x7fm https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:02:44.291217+00:00 Debian Importer Fixing VCID-gtjm-xaua-5bhm https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:22:12.604247+00:00 Debian Importer Fixing VCID-48cr-bq8t-fqd3 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:10:05.328089+00:00 Debian Importer Fixing VCID-sy25-mjxc-47bn https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-02T17:17:55.109501+00:00 Debian Importer Fixing VCID-7896-2ufa-kqd1 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:09:55.923104+00:00 Debian Importer Fixing VCID-xwvz-ewcf-x7fm https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:08:11.521490+00:00 Debian Importer Fixing VCID-gtjm-xaua-5bhm https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:06:50.614968+00:00 Debian Importer Fixing VCID-48cr-bq8t-fqd3 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:04:14.833538+00:00 Debian Importer Fixing VCID-sy25-mjxc-47bn https://security-tracker.debian.org/tracker/data/json 38.1.0