{"url":"http://public2.vulnerablecode.io/api/packages/1035900?format=json","purl":"pkg:deb/debian/awstats@6.5%2Bdfsg-1","type":"deb","namespace":"debian","name":"awstats","version":"6.5+dfsg-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"7.8-3+deb12u2","latest_non_vulnerable_version":"8.0-5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88424?format=json","vulnerability_id":"VCID-4mn4-kwvz-zfdr","summary":"awstats: Cross-site scripting (XSS) vulnerability","references":[{"reference_url":"http://awstats.sourceforge.net/docs/awstats_changelog.txt","reference_id":"","reference_type":"","scores":[],"url":"http://awstats.sourceforge.net/docs/awstats_changelog.txt"},{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432","reference_id":"","reference_type":"","scores":[],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3714.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3714.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3714","reference_id":"","reference_type":"","scores":[{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88588","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88463","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.8847","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88487","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.8849","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88509","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88515","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88526","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88518","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88532","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88528","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88525","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88542","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88548","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88547","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88558","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88574","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3714","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3714"},{"reference_url":"http://secunia.com/advisories/31519","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31519"},{"reference_url":"http://secunia.com/advisories/31759","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31759"},{"reference_url":"http://secunia.com/advisories/32939","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32939"},{"reference_url":"http://secunia.com/advisories/33002","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/33002"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44504","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44504"},{"reference_url":"http://sourceforge.net/tracker/index.php?func=detail&aid=2001151&group_id=13764&atid=113764","reference_id":"","reference_type":"","scores":[],"url":"http://sourceforge.net/tracker/index.php?func=detail&aid=2001151&group_id=13764&atid=113764"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00107.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00107.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00355.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00355.html"},{"reference_url":"http://www.debian.org/security/2008/dsa-1679","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2008/dsa-1679"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:203","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:203"},{"reference_url":"http://www.securityfocus.com/bid/30730","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/30730"},{"reference_url":"http://www.securitytracker.com/id?1020704","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1020704"},{"reference_url":"http://www.ubuntu.com/usn/usn-686-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/usn-686-1"},{"reference_url":"http://www.vupen.com/english/advisories/2008/2399","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2008/2399"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=459605","reference_id":"459605","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=459605"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432","reference_id":"495432","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-3714","reference_id":"CVE-2008-3714","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-3714"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/32258.txt","reference_id":"CVE-2008-3714;OSVDB-47536","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/32258.txt"},{"reference_url":"https://www.securityfocus.com/bid/30730/info","reference_id":"CVE-2008-3714;OSVDB-47536","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/30730/info"},{"reference_url":"https://usn.ubuntu.com/686-1/","reference_id":"USN-686-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/686-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035902?format=json","purl":"pkg:deb/debian/awstats@6.7.dfsg-5.1%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"},{"vulnerability":"VCID-9xag-6wej-6bgk"},{"vulnerability":"VCID-fxrv-1bju-qkgm"},{"vulnerability":"VCID-kfb9-pts3-dffa"},{"vulnerability":"VCID-kspy-ctky-ykav"},{"vulnerability":"VCID-mds9-fb3d-9qgt"},{"vulnerability":"VCID-qabb-bgqe-afdd"},{"vulnerability":"VCID-s1bj-dpp3-9ubt"},{"vulnerability":"VCID-vqyg-xfyk-h3e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.7.dfsg-5.1%252Blenny1"}],"aliases":["CVE-2008-3714"],"risk_score":7.8,"exploitability":"2.0","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4mn4-kwvz-zfdr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96858?format=json","vulnerability_id":"VCID-6241-45ms-x3ec","summary":"AWStats 8.0 is vulnerable to Command Injection via the open function","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-63261","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1973","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19683","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19454","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20587","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20551","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20609","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20628","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20534","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.2052","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20518","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23966","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23801","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23883","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23952","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24092","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23913","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23953","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-63261"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-63261","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-63261"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131878","reference_id":"1131878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131878"},{"reference_url":"https://github.com/eldy/AWStats/blob/develop/wwwroot/cgi-bin/awstats.pl","reference_id":"awstats.pl","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:09:17Z/"}],"url":"https://github.com/eldy/AWStats/blob/develop/wwwroot/cgi-bin/awstats.pl"},{"reference_url":"https://pentest-tools.com/PTT-2025-021-Code-Execution-in-AWStats.pdf","reference_id":"PTT-2025-021-Code-Execution-in-AWStats.pdf","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:09:17Z/"}],"url":"https://pentest-tools.com/PTT-2025-021-Code-Execution-in-AWStats.pdf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/584427?format=json","purl":"pkg:deb/debian/awstats@7.8-3%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1054207?format=json","purl":"pkg:deb/debian/awstats@7.8-3%2Bdeb12u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1054208?format=json","purl":"pkg:deb/debian/awstats@7.9-1%2Bdeb13u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%252Bdeb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1026207?format=json","purl":"pkg:deb/debian/awstats@8.0-5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5"}],"aliases":["CVE-2025-63261"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6241-45ms-x3ec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92087?format=json","vulnerability_id":"VCID-9xag-6wej-6bgk","summary":"Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.","references":[{"reference_url":"http://awstats.sourceforge.net/docs/awstats_changelog.txt","reference_id":"","reference_type":"","scores":[],"url":"http://awstats.sourceforge.net/docs/awstats_changelog.txt"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4369","reference_id":"","reference_type":"","scores":[{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3904","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39309","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3947","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39494","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39407","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39464","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39478","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3949","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39451","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39434","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39486","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39458","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39372","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39178","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39161","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3908","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.38953","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39023","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4369"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4369","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4369"},{"reference_url":"http://secunia.com/advisories/43004","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43004"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:033","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:033"},{"reference_url":"http://www.securityfocus.com/bid/45210","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/45210"},{"reference_url":"http://www.ubuntu.com/usn/USN-1047-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-1047-1"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0202","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0202"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606263","reference_id":"606263","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606263"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:2.1.:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:2.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:2.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.4_1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:sarge1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.4_1:sarge1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:sarge1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.5_1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1.857:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.5_1.857:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1.857:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-4369","reference_id":"CVE-2010-4369","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-4369"},{"reference_url":"https://usn.ubuntu.com/1047-1/","reference_id":"USN-1047-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1047-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035903?format=json","purl":"pkg:deb/debian/awstats@6.9.5~dfsg-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"},{"vulnerability":"VCID-fxrv-1bju-qkgm"},{"vulnerability":"VCID-kfb9-pts3-dffa"},{"vulnerability":"VCID-qabb-bgqe-afdd"},{"vulnerability":"VCID-s1bj-dpp3-9ubt"},{"vulnerability":"VCID-vqyg-xfyk-h3e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.9.5~dfsg-5"}],"aliases":["CVE-2010-4369"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9xag-6wej-6bgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94571?format=json","vulnerability_id":"VCID-fxrv-1bju-qkgm","summary":"In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35176","reference_id":"","reference_type":"","scores":[{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76338","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76131","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76135","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76167","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76148","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.7618","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76194","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76218","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76192","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76233","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76237","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.7622","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76257","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76267","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.7628","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76289","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76318","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35176"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190","reference_id":"977190","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190"},{"reference_url":"https://security.archlinux.org/ASA-202103-15","reference_id":"ASA-202103-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202103-15"},{"reference_url":"https://security.archlinux.org/AVG-1356","reference_id":"AVG-1356","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1356"},{"reference_url":"https://usn.ubuntu.com/4953-1/","reference_id":"USN-4953-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4953-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1052114?format=json","purl":"pkg:deb/debian/awstats@7.8-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1"}],"aliases":["CVE-2020-35176"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fxrv-1bju-qkgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92396?format=json","vulnerability_id":"VCID-kfb9-pts3-dffa","summary":"Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.","references":[{"reference_url":"http://awstats.sourceforge.net/docs/awstats_changelog.txt","reference_id":"","reference_type":"","scores":[],"url":"http://awstats.sourceforge.net/docs/awstats_changelog.txt"},{"reference_url":"http://openwall.com/lists/oss-security/2012/10/26/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2012/10/26/1"},{"reference_url":"http://openwall.com/lists/oss-security/2012/10/29/7","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2012/10/29/7"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4547","reference_id":"","reference_type":"","scores":[{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96828","published_at":"2026-05-09T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96766","published_at":"2026-04-01T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96775","published_at":"2026-04-02T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96777","published_at":"2026-04-04T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96781","published_at":"2026-04-07T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96789","published_at":"2026-04-08T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.9679","published_at":"2026-04-09T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96793","published_at":"2026-04-12T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96794","published_at":"2026-04-13T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.968","published_at":"2026-04-16T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96804","published_at":"2026-04-18T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96807","published_at":"2026-04-26T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96806","published_at":"2026-04-24T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96811","published_at":"2026-04-29T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96819","published_at":"2026-05-05T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96822","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4547"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/79638","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/79638"},{"reference_url":"http://www.securityfocus.com/bid/56280","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/56280"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:2.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:2.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:5.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:5.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:5.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:6.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:6.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.95:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:6.95:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.95:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4547","reference_id":"CVE-2012-4547","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4547"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035905?format=json","purl":"pkg:deb/debian/awstats@7.2%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"},{"vulnerability":"VCID-fxrv-1bju-qkgm"},{"vulnerability":"VCID-qabb-bgqe-afdd"},{"vulnerability":"VCID-s1bj-dpp3-9ubt"},{"vulnerability":"VCID-vqyg-xfyk-h3e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.2%252Bdfsg-1"}],"aliases":["CVE-2012-4547"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kfb9-pts3-dffa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91994?format=json","vulnerability_id":"VCID-kspy-ctky-ykav","summary":"Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.","references":[{"reference_url":"http://awstats.sourceforge.net/docs/awstats_changelog.txt","reference_id":"","reference_type":"","scores":[],"url":"http://awstats.sourceforge.net/docs/awstats_changelog.txt"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-5020","reference_id":"","reference_type":"","scores":[{"value":"0.014","scoring_system":"epss","scoring_elements":"0.8056","published_at":"2026-05-09T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80367","published_at":"2026-04-01T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80373","published_at":"2026-04-02T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80393","published_at":"2026-04-04T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80382","published_at":"2026-04-07T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80411","published_at":"2026-04-08T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80421","published_at":"2026-04-09T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80439","published_at":"2026-04-11T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80424","published_at":"2026-04-12T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80418","published_at":"2026-04-13T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80447","published_at":"2026-04-16T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80448","published_at":"2026-04-18T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80452","published_at":"2026-04-21T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80477","published_at":"2026-04-24T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80484","published_at":"2026-04-26T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80501","published_at":"2026-04-29T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80517","published_at":"2026-05-05T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.8054","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-5020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5020","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5020"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:2.1.:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:2.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:2.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-5020","reference_id":"CVE-2009-5020","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-5020"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035903?format=json","purl":"pkg:deb/debian/awstats@6.9.5~dfsg-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"},{"vulnerability":"VCID-fxrv-1bju-qkgm"},{"vulnerability":"VCID-kfb9-pts3-dffa"},{"vulnerability":"VCID-qabb-bgqe-afdd"},{"vulnerability":"VCID-s1bj-dpp3-9ubt"},{"vulnerability":"VCID-vqyg-xfyk-h3e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.9.5~dfsg-5"}],"aliases":["CVE-2009-5020"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kspy-ctky-ykav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92086?format=json","vulnerability_id":"VCID-mds9-fb3d-9qgt","summary":"awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server.","references":[{"reference_url":"http://awstats.sourceforge.net/docs/awstats_changelog.txt","reference_id":"","reference_type":"","scores":[],"url":"http://awstats.sourceforge.net/docs/awstats_changelog.txt"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4367","reference_id":"","reference_type":"","scores":[{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91691","published_at":"2026-05-09T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91599","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91606","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91612","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91621","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91633","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91639","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91643","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91645","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91641","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91662","published_at":"2026-04-16T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91655","published_at":"2026-04-18T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91654","published_at":"2026-04-21T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91661","published_at":"2026-04-24T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91659","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91657","published_at":"2026-04-29T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91669","published_at":"2026-05-05T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91681","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4367"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4367","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4367"},{"reference_url":"http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:033","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:033"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606263","reference_id":"606263","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606263"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:2.1.:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:2.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:2.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.4_1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:sarge1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.4_1:sarge1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:sarge1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.5_1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1.857:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.5_1.857:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1.857:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-4367","reference_id":"CVE-2010-4367","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-4367"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/35035.txt","reference_id":"CVE-2010-4367;OSVDB-69606","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/35035.txt"},{"reference_url":"https://www.securityfocus.com/bid/45123/info","reference_id":"CVE-2010-4367;OSVDB-69606","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/45123/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035903?format=json","purl":"pkg:deb/debian/awstats@6.9.5~dfsg-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"},{"vulnerability":"VCID-fxrv-1bju-qkgm"},{"vulnerability":"VCID-kfb9-pts3-dffa"},{"vulnerability":"VCID-qabb-bgqe-afdd"},{"vulnerability":"VCID-s1bj-dpp3-9ubt"},{"vulnerability":"VCID-vqyg-xfyk-h3e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.9.5~dfsg-5"}],"aliases":["CVE-2010-4367"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mds9-fb3d-9qgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90749?format=json","vulnerability_id":"VCID-pbfq-fen2-dkhs","summary":"awstats: incomplete fix for CVE-2008-3714 XSS issue","references":[{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432#21","reference_id":"","reference_type":"","scores":[],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432#21"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5080.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5080.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5080","reference_id":"","reference_type":"","scores":[{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60535","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60323","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60398","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60426","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60393","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60442","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60459","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60479","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60465","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60445","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60486","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60495","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60485","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60469","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60483","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60471","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60431","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60477","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5080"},{"reference_url":"http://secunia.com/advisories/33002","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/33002"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/47116","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/47116"},{"reference_url":"http://www.ubuntu.com/usn/usn-686-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/usn-686-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=474396","reference_id":"474396","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=474396"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432","reference_id":"495432","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-5080","reference_id":"CVE-2008-5080","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-5080"},{"reference_url":"https://usn.ubuntu.com/686-1/","reference_id":"USN-686-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/686-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035902?format=json","purl":"pkg:deb/debian/awstats@6.7.dfsg-5.1%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"},{"vulnerability":"VCID-9xag-6wej-6bgk"},{"vulnerability":"VCID-fxrv-1bju-qkgm"},{"vulnerability":"VCID-kfb9-pts3-dffa"},{"vulnerability":"VCID-kspy-ctky-ykav"},{"vulnerability":"VCID-mds9-fb3d-9qgt"},{"vulnerability":"VCID-qabb-bgqe-afdd"},{"vulnerability":"VCID-s1bj-dpp3-9ubt"},{"vulnerability":"VCID-vqyg-xfyk-h3e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.7.dfsg-5.1%252Blenny1"}],"aliases":["CVE-2008-5080"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pbfq-fen2-dkhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50243?format=json","vulnerability_id":"VCID-qabb-bgqe-afdd","summary":"Multiple vulnerabilities have been found in AWStats, the worst of\n    which could result in the arbitrary execution of code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000501","reference_id":"","reference_type":"","scores":[{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91211","published_at":"2026-05-09T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.912","published_at":"2026-05-07T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91086","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91092","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.911","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91109","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91121","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91127","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91135","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91136","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.9116","published_at":"2026-04-16T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91159","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91163","published_at":"2026-04-21T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91177","published_at":"2026-04-24T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91174","published_at":"2026-04-26T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.9117","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91183","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501"},{"reference_url":"https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651"},{"reference_url":"https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/01/msg00012.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/01/msg00012.html"},{"reference_url":"https://www.debian.org/security/2018/dsa-4092","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4092"},{"reference_url":"http://www.awstats.org/","reference_id":"","reference_type":"","scores":[],"url":"http://www.awstats.org/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885835","reference_id":"885835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885835"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000501","reference_id":"CVE-2017-1000501","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000501"},{"reference_url":"https://security.gentoo.org/glsa/202007-37","reference_id":"GLSA-202007-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-37"},{"reference_url":"https://usn.ubuntu.com/3518-1/","reference_id":"USN-3518-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3518-1/"},{"reference_url":"https://usn.ubuntu.com/4953-1/","reference_id":"USN-4953-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4953-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035906?format=json","purl":"pkg:deb/debian/awstats@7.2%2Bdfsg-1%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"},{"vulnerability":"VCID-fxrv-1bju-qkgm"},{"vulnerability":"VCID-qabb-bgqe-afdd"},{"vulnerability":"VCID-s1bj-dpp3-9ubt"},{"vulnerability":"VCID-vqyg-xfyk-h3e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.2%252Bdfsg-1%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1037617?format=json","purl":"pkg:deb/debian/awstats@7.6%2Bdfsg-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"},{"vulnerability":"VCID-fxrv-1bju-qkgm"},{"vulnerability":"VCID-qabb-bgqe-afdd"},{"vulnerability":"VCID-s1bj-dpp3-9ubt"},{"vulnerability":"VCID-vqyg-xfyk-h3e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.6%252Bdfsg-1%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1052113?format=json","purl":"pkg:deb/debian/awstats@7.6%2Bdfsg-2%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"},{"vulnerability":"VCID-fxrv-1bju-qkgm"},{"vulnerability":"VCID-s1bj-dpp3-9ubt"},{"vulnerability":"VCID-vqyg-xfyk-h3e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.6%252Bdfsg-2%252Bdeb10u1"}],"aliases":["CVE-2017-1000501"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qabb-bgqe-afdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95315?format=json","vulnerability_id":"VCID-s1bj-dpp3-9ubt","summary":"AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-46391","reference_id":"","reference_type":"","scores":[{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76502","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76424","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.7643","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76414","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76447","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76454","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76467","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76483","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76328","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76359","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76339","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76371","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76385","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76411","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76389","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76384","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-46391"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46391","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46391"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025410","reference_id":"1025410","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025410"},{"reference_url":"https://github.com/eldy/AWStats/pull/226","reference_id":"226","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T15:20:05Z/"}],"url":"https://github.com/eldy/AWStats/pull/226"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRFYH4DE3COMI3LJCOQQXA4FWOABU6Z2/","reference_id":"GRFYH4DE3COMI3LJCOQQXA4FWOABU6Z2","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T15:20:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRFYH4DE3COMI3LJCOQQXA4FWOABU6Z2/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00010.html","reference_id":"msg00010.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T15:20:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00010.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYUZIFVB4N3NK4WGNHRNXZKJITCJBJX4/","reference_id":"MYUZIFVB4N3NK4WGNHRNXZKJITCJBJX4","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T15:20:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYUZIFVB4N3NK4WGNHRNXZKJITCJBJX4/"},{"reference_url":"https://usn.ubuntu.com/5899-1/","reference_id":"USN-5899-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5899-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1052114?format=json","purl":"pkg:deb/debian/awstats@7.8-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1"}],"aliases":["CVE-2022-46391"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s1bj-dpp3-9ubt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94560?format=json","vulnerability_id":"VCID-vqyg-xfyk-h3e5","summary":"In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-29600","reference_id":"","reference_type":"","scores":[{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.8464","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84654","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84675","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84677","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84699","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84706","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84724","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84719","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84713","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84735","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84736","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84737","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84765","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84774","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84773","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84789","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84814","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84832","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-29600"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29600","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29600"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891469","reference_id":"891469","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891469"},{"reference_url":"https://usn.ubuntu.com/4953-1/","reference_id":"USN-4953-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4953-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1052114?format=json","purl":"pkg:deb/debian/awstats@7.8-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1"}],"aliases":["CVE-2020-29600"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vqyg-xfyk-h3e5"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91585?format=json","vulnerability_id":"VCID-48cr-bq8t-fqd3","summary":"Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-3681","reference_id":"","reference_type":"","scores":[{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69764","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69777","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69793","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69769","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69817","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69832","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69855","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.6984","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69825","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69867","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69877","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69858","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69909","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69919","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69922","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69897","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69939","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.6997","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-3681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3681","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3681"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378960","reference_id":"378960","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378960"},{"reference_url":"https://usn.ubuntu.com/360-1/","reference_id":"USN-360-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/360-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035900?format=json","purl":"pkg:deb/debian/awstats@6.5%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mn4-kwvz-zfdr"},{"vulnerability":"VCID-6241-45ms-x3ec"},{"vulnerability":"VCID-9xag-6wej-6bgk"},{"vulnerability":"VCID-fxrv-1bju-qkgm"},{"vulnerability":"VCID-kfb9-pts3-dffa"},{"vulnerability":"VCID-kspy-ctky-ykav"},{"vulnerability":"VCID-mds9-fb3d-9qgt"},{"vulnerability":"VCID-pbfq-fen2-dkhs"},{"vulnerability":"VCID-qabb-bgqe-afdd"},{"vulnerability":"VCID-s1bj-dpp3-9ubt"},{"vulnerability":"VCID-vqyg-xfyk-h3e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.5%252Bdfsg-1"}],"aliases":["CVE-2006-3681"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-48cr-bq8t-fqd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91586?format=json","vulnerability_id":"VCID-7896-2ufa-kqd1","summary":"awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-3682","reference_id":"","reference_type":"","scores":[{"value":"0.07923","scoring_system":"epss","scoring_elements":"0.92009","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07923","scoring_system":"epss","scoring_elements":"0.92015","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07923","scoring_system":"epss","scoring_elements":"0.92023","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07923","scoring_system":"epss","scoring_elements":"0.92028","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07923","scoring_system":"epss","scoring_elements":"0.9204","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07923","scoring_system":"epss","scoring_elements":"0.92043","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07923","scoring_system":"epss","scoring_elements":"0.92047","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07923","scoring_system":"epss","scoring_elements":"0.92044","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07923","scoring_system":"epss","scoring_elements":"0.92062","published_at":"2026-04-24T12:55:00Z"},{"value":"0.07923","scoring_system":"epss","scoring_elements":"0.92059","published_at":"2026-04-18T12:55:00Z"},{"value":"0.07923","scoring_system":"epss","scoring_elements":"0.92057","published_at":"2026-04-29T12:55:00Z"},{"value":"0.07923","scoring_system":"epss","scoring_elements":"0.9206","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07923","scoring_system":"epss","scoring_elements":"0.92068","published_at":"2026-05-05T12:55:00Z"},{"value":"0.07923","scoring_system":"epss","scoring_elements":"0.92081","published_at":"2026-05-07T12:55:00Z"},{"value":"0.07923","scoring_system":"epss","scoring_elements":"0.92089","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-3682"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3682","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3682"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378960","reference_id":"378960","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378960"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/32870.txt","reference_id":"CVE-2006-3682;OSVDB-25205","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/32870.txt"},{"reference_url":"https://www.securityfocus.com/bid/34159/info","reference_id":"CVE-2006-3682;OSVDB-25205","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/34159/info"},{"reference_url":"https://usn.ubuntu.com/360-1/","reference_id":"USN-360-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/360-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035900?format=json","purl":"pkg:deb/debian/awstats@6.5%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mn4-kwvz-zfdr"},{"vulnerability":"VCID-6241-45ms-x3ec"},{"vulnerability":"VCID-9xag-6wej-6bgk"},{"vulnerability":"VCID-fxrv-1bju-qkgm"},{"vulnerability":"VCID-kfb9-pts3-dffa"},{"vulnerability":"VCID-kspy-ctky-ykav"},{"vulnerability":"VCID-mds9-fb3d-9qgt"},{"vulnerability":"VCID-pbfq-fen2-dkhs"},{"vulnerability":"VCID-qabb-bgqe-afdd"},{"vulnerability":"VCID-s1bj-dpp3-9ubt"},{"vulnerability":"VCID-vqyg-xfyk-h3e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.5%252Bdfsg-1"}],"aliases":["CVE-2006-3682"],"risk_score":0.2,"exploitability":"2.0","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7896-2ufa-kqd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91559?format=json","vulnerability_id":"VCID-gtjm-xaua-5bhm","summary":"AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-2644","reference_id":"","reference_type":"","scores":[{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77352","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77359","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77386","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77366","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77396","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77405","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77432","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77411","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77408","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77447","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77446","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77437","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77471","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77478","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77491","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77498","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77525","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01038","scoring_system":"epss","scoring_elements":"0.77548","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-2644"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2644","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2644"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365910","reference_id":"365910","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365910"},{"reference_url":"https://usn.ubuntu.com/290-1/","reference_id":"USN-290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035900?format=json","purl":"pkg:deb/debian/awstats@6.5%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mn4-kwvz-zfdr"},{"vulnerability":"VCID-6241-45ms-x3ec"},{"vulnerability":"VCID-9xag-6wej-6bgk"},{"vulnerability":"VCID-fxrv-1bju-qkgm"},{"vulnerability":"VCID-kfb9-pts3-dffa"},{"vulnerability":"VCID-kspy-ctky-ykav"},{"vulnerability":"VCID-mds9-fb3d-9qgt"},{"vulnerability":"VCID-pbfq-fen2-dkhs"},{"vulnerability":"VCID-qabb-bgqe-afdd"},{"vulnerability":"VCID-s1bj-dpp3-9ubt"},{"vulnerability":"VCID-vqyg-xfyk-h3e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.5%252Bdfsg-1"}],"aliases":["CVE-2006-2644"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gtjm-xaua-5bhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60687?format=json","vulnerability_id":"VCID-sy25-mjxc-47bn","summary":"AWStats contains a bug in the sanitization of the input parameters which\n    can lead to the remote execution of arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-1945","reference_id":"","reference_type":"","scores":[{"value":"0.03817","scoring_system":"epss","scoring_elements":"0.88058","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03817","scoring_system":"epss","scoring_elements":"0.88067","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03817","scoring_system":"epss","scoring_elements":"0.8808","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03817","scoring_system":"epss","scoring_elements":"0.88086","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03817","scoring_system":"epss","scoring_elements":"0.88105","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03817","scoring_system":"epss","scoring_elements":"0.88111","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03817","scoring_system":"epss","scoring_elements":"0.88121","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03817","scoring_system":"epss","scoring_elements":"0.88113","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03817","scoring_system":"epss","scoring_elements":"0.88114","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03817","scoring_system":"epss","scoring_elements":"0.88128","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03817","scoring_system":"epss","scoring_elements":"0.88126","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03817","scoring_system":"epss","scoring_elements":"0.88144","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03817","scoring_system":"epss","scoring_elements":"0.88149","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03817","scoring_system":"epss","scoring_elements":"0.88161","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03817","scoring_system":"epss","scoring_elements":"0.88175","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03817","scoring_system":"epss","scoring_elements":"0.88189","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-1945"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1945","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1945"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364443","reference_id":"364443","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364443"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/27694.txt","reference_id":"CVE-2006-1945;OSVDB-24745","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/27694.txt"},{"reference_url":"https://www.securityfocus.com/bid/17621/info","reference_id":"CVE-2006-1945;OSVDB-24745","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/17621/info"},{"reference_url":"https://security.gentoo.org/glsa/200606-06","reference_id":"GLSA-200606-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200606-06"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035900?format=json","purl":"pkg:deb/debian/awstats@6.5%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mn4-kwvz-zfdr"},{"vulnerability":"VCID-6241-45ms-x3ec"},{"vulnerability":"VCID-9xag-6wej-6bgk"},{"vulnerability":"VCID-fxrv-1bju-qkgm"},{"vulnerability":"VCID-kfb9-pts3-dffa"},{"vulnerability":"VCID-kspy-ctky-ykav"},{"vulnerability":"VCID-mds9-fb3d-9qgt"},{"vulnerability":"VCID-pbfq-fen2-dkhs"},{"vulnerability":"VCID-qabb-bgqe-afdd"},{"vulnerability":"VCID-s1bj-dpp3-9ubt"},{"vulnerability":"VCID-vqyg-xfyk-h3e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.5%252Bdfsg-1"}],"aliases":["CVE-2006-1945"],"risk_score":null,"exploitability":"2.0","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sy25-mjxc-47bn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91372?format=json","vulnerability_id":"VCID-wezb-5vk9-1qdf","summary":"Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-1527","reference_id":"","reference_type":"","scores":[{"value":"0.0133","scoring_system":"epss","scoring_elements":"0.80074","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0133","scoring_system":"epss","scoring_elements":"0.79895","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0133","scoring_system":"epss","scoring_elements":"0.79902","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0133","scoring_system":"epss","scoring_elements":"0.79923","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0133","scoring_system":"epss","scoring_elements":"0.79911","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0133","scoring_system":"epss","scoring_elements":"0.79939","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0133","scoring_system":"epss","scoring_elements":"0.79948","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0133","scoring_system":"epss","scoring_elements":"0.79968","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0133","scoring_system":"epss","scoring_elements":"0.79951","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0133","scoring_system":"epss","scoring_elements":"0.79943","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0133","scoring_system":"epss","scoring_elements":"0.79971","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0133","scoring_system":"epss","scoring_elements":"0.79972","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0133","scoring_system":"epss","scoring_elements":"0.79974","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0133","scoring_system":"epss","scoring_elements":"0.80003","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0133","scoring_system":"epss","scoring_elements":"0.80008","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0133","scoring_system":"epss","scoring_elements":"0.80024","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0133","scoring_system":"epss","scoring_elements":"0.80036","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0133","scoring_system":"epss","scoring_elements":"0.80059","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-1527"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1527","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1527"},{"reference_url":"http://secunia.com/advisories/16412","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/16412"},{"reference_url":"http://secunia.com/advisories/17463","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/17463"},{"reference_url":"http://securitytracker.com/id?1014636","reference_id":"","reference_type":"","scores":[],"url":"http://securitytracker.com/id?1014636"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/21769","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/21769"},{"reference_url":"http://www.debian.org/security/2005/dsa-892","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2005/dsa-892"},{"reference_url":"http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities&flashstatus=false","reference_id":"","reference_type":"","scores":[],"url":"http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities&flashstatus=false"},{"reference_url":"http://www.novell.com/linux/security/advisories/2005_19_sr.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.novell.com/linux/security/advisories/2005_19_sr.html"},{"reference_url":"http://www.osvdb.org/18696","reference_id":"","reference_type":"","scores":[],"url":"http://www.osvdb.org/18696"},{"reference_url":"http://www.securiteam.com/unixfocus/5DP0J00GKE.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.securiteam.com/unixfocus/5DP0J00GKE.html"},{"reference_url":"http://www.securityfocus.com/bid/14525","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/14525"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322591","reference_id":"322591","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322591"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2005-1527","reference_id":"CVE-2005-1527","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2005-1527"},{"reference_url":"https://usn.ubuntu.com/167-1/","reference_id":"USN-167-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/167-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035900?format=json","purl":"pkg:deb/debian/awstats@6.5%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mn4-kwvz-zfdr"},{"vulnerability":"VCID-6241-45ms-x3ec"},{"vulnerability":"VCID-9xag-6wej-6bgk"},{"vulnerability":"VCID-fxrv-1bju-qkgm"},{"vulnerability":"VCID-kfb9-pts3-dffa"},{"vulnerability":"VCID-kspy-ctky-ykav"},{"vulnerability":"VCID-mds9-fb3d-9qgt"},{"vulnerability":"VCID-pbfq-fen2-dkhs"},{"vulnerability":"VCID-qabb-bgqe-afdd"},{"vulnerability":"VCID-s1bj-dpp3-9ubt"},{"vulnerability":"VCID-vqyg-xfyk-h3e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.5%252Bdfsg-1"}],"aliases":["CVE-2005-1527"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wezb-5vk9-1qdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60688?format=json","vulnerability_id":"VCID-xwvz-ewcf-x7fm","summary":"AWStats contains a bug in the sanitization of the input parameters which\n    can lead to the remote execution of arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-2237","reference_id":"","reference_type":"","scores":[{"value":"0.90596","scoring_system":"epss","scoring_elements":"0.99613","published_at":"2026-04-01T12:55:00Z"},{"value":"0.90596","scoring_system":"epss","scoring_elements":"0.99612","published_at":"2026-04-02T12:55:00Z"},{"value":"0.90596","scoring_system":"epss","scoring_elements":"0.99614","published_at":"2026-04-07T12:55:00Z"},{"value":"0.90596","scoring_system":"epss","scoring_elements":"0.99615","published_at":"2026-04-11T12:55:00Z"},{"value":"0.90596","scoring_system":"epss","scoring_elements":"0.99616","published_at":"2026-04-18T12:55:00Z"},{"value":"0.90596","scoring_system":"epss","scoring_elements":"0.99617","published_at":"2026-04-16T12:55:00Z"},{"value":"0.90596","scoring_system":"epss","scoring_elements":"0.99618","published_at":"2026-04-21T12:55:00Z"},{"value":"0.90596","scoring_system":"epss","scoring_elements":"0.99619","published_at":"2026-04-24T12:55:00Z"},{"value":"0.90596","scoring_system":"epss","scoring_elements":"0.9962","published_at":"2026-04-26T12:55:00Z"},{"value":"0.90596","scoring_system":"epss","scoring_elements":"0.99621","published_at":"2026-04-29T12:55:00Z"},{"value":"0.90596","scoring_system":"epss","scoring_elements":"0.99622","published_at":"2026-05-05T12:55:00Z"},{"value":"0.90596","scoring_system":"epss","scoring_elements":"0.99623","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-2237"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2237","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2237"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365909","reference_id":"365909","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365909"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/16886.rb","reference_id":"CVE-2006-2237;OSVDB-25284","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/16886.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/9909.rb","reference_id":"CVE-2006-2237;OSVDB-25284","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/9909.rb"},{"reference_url":"https://security.gentoo.org/glsa/200606-06","reference_id":"GLSA-200606-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200606-06"},{"reference_url":"http://secunia.com/advisories/19969/","reference_id":"OSVDB-25284;CVE-2006-2237","reference_type":"exploit","scores":[],"url":"http://secunia.com/advisories/19969/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/1755.py","reference_id":"OSVDB-25284;CVE-2006-2237","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/1755.py"},{"reference_url":"https://usn.ubuntu.com/285-1/","reference_id":"USN-285-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/285-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035900?format=json","purl":"pkg:deb/debian/awstats@6.5%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mn4-kwvz-zfdr"},{"vulnerability":"VCID-6241-45ms-x3ec"},{"vulnerability":"VCID-9xag-6wej-6bgk"},{"vulnerability":"VCID-fxrv-1bju-qkgm"},{"vulnerability":"VCID-kfb9-pts3-dffa"},{"vulnerability":"VCID-kspy-ctky-ykav"},{"vulnerability":"VCID-mds9-fb3d-9qgt"},{"vulnerability":"VCID-pbfq-fen2-dkhs"},{"vulnerability":"VCID-qabb-bgqe-afdd"},{"vulnerability":"VCID-s1bj-dpp3-9ubt"},{"vulnerability":"VCID-vqyg-xfyk-h3e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.5%252Bdfsg-1"}],"aliases":["CVE-2006-2237"],"risk_score":1.6,"exploitability":"2.0","weighted_severity":"0.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xwvz-ewcf-x7fm"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.5%252Bdfsg-1"}