{"url":"http://public2.vulnerablecode.io/api/packages/1035901?format=json","purl":"pkg:deb/debian/awstats@6.5%2Bdfsg-1%2Betch1","type":"deb","namespace":"debian","name":"awstats","version":"6.5+dfsg-1+etch1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"7.8-3+deb12u2","latest_non_vulnerable_version":"8.0-5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88424?format=json","vulnerability_id":"VCID-4mn4-kwvz-zfdr","summary":"awstats: Cross-site scripting (XSS) vulnerability","references":[{"reference_url":"http://awstats.sourceforge.net/docs/awstats_changelog.txt","reference_id":"","reference_type":"","scores":[],"url":"http://awstats.sourceforge.net/docs/awstats_changelog.txt"},{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432","reference_id":"","reference_type":"","scores":[],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3714.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3714.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3714","reference_id":"","reference_type":"","scores":[{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88627","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88463","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.8847","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88487","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.8849","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88509","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88515","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88526","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88518","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88532","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88528","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88525","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88542","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88548","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88547","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88558","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88574","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88588","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88587","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04053","scoring_system":"epss","scoring_elements":"0.88599","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3714","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3714"},{"reference_url":"http://secunia.com/advisories/31519","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31519"},{"reference_url":"http://secunia.com/advisories/31759","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/31759"},{"reference_url":"http://secunia.com/advisories/32939","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32939"},{"reference_url":"http://secunia.com/advisories/33002","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/33002"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44504","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44504"},{"reference_url":"http://sourceforge.net/tracker/index.php?func=detail&aid=2001151&group_id=13764&atid=113764","reference_id":"","reference_type":"","scores":[],"url":"http://sourceforge.net/tracker/index.php?func=detail&aid=2001151&group_id=13764&atid=113764"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00107.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00107.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00355.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00355.html"},{"reference_url":"http://www.debian.org/security/2008/dsa-1679","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2008/dsa-1679"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:203","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:203"},{"reference_url":"http://www.securityfocus.com/bid/30730","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/30730"},{"reference_url":"http://www.securitytracker.com/id?1020704","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1020704"},{"reference_url":"http://www.ubuntu.com/usn/usn-686-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/usn-686-1"},{"reference_url":"http://www.vupen.com/english/advisories/2008/2399","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2008/2399"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=459605","reference_id":"459605","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=459605"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432","reference_id":"495432","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-3714","reference_id":"CVE-2008-3714","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-3714"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/32258.txt","reference_id":"CVE-2008-3714;OSVDB-47536","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/32258.txt"},{"reference_url":"https://www.securityfocus.com/bid/30730/info","reference_id":"CVE-2008-3714;OSVDB-47536","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/30730/info"},{"reference_url":"https://usn.ubuntu.com/686-1/","reference_id":"USN-686-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/686-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035902?format=json","purl":"pkg:deb/debian/awstats@6.7.dfsg-5.1%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"},{"vulnerability":"VCID-9xag-6wej-6bgk"},{"vulnerability":"VCID-fxrv-1bju-qkgm"},{"vulnerability":"VCID-kfb9-pts3-dffa"},{"vulnerability":"VCID-kspy-ctky-ykav"},{"vulnerability":"VCID-mds9-fb3d-9qgt"},{"vulnerability":"VCID-qabb-bgqe-afdd"},{"vulnerability":"VCID-s1bj-dpp3-9ubt"},{"vulnerability":"VCID-vqyg-xfyk-h3e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.7.dfsg-5.1%252Blenny1"}],"aliases":["CVE-2008-3714"],"risk_score":7.8,"exploitability":"2.0","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4mn4-kwvz-zfdr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96858?format=json","vulnerability_id":"VCID-6241-45ms-x3ec","summary":"AWStats 8.0 is vulnerable to Command Injection via the open function","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-63261","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1973","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19683","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19454","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.2052","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20551","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20609","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20628","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20587","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20534","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20518","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23952","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23915","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23913","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23801","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23883","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23895","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24003","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24092","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23966","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23953","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-63261"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-63261","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-63261"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131878","reference_id":"1131878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131878"},{"reference_url":"https://github.com/eldy/AWStats/blob/develop/wwwroot/cgi-bin/awstats.pl","reference_id":"awstats.pl","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:09:17Z/"}],"url":"https://github.com/eldy/AWStats/blob/develop/wwwroot/cgi-bin/awstats.pl"},{"reference_url":"https://pentest-tools.com/PTT-2025-021-Code-Execution-in-AWStats.pdf","reference_id":"PTT-2025-021-Code-Execution-in-AWStats.pdf","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-23T14:09:17Z/"}],"url":"https://pentest-tools.com/PTT-2025-021-Code-Execution-in-AWStats.pdf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/584427?format=json","purl":"pkg:deb/debian/awstats@7.8-3%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1054207?format=json","purl":"pkg:deb/debian/awstats@7.8-3%2Bdeb12u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-3%252Bdeb12u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1054208?format=json","purl":"pkg:deb/debian/awstats@7.9-1%2Bdeb13u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.9-1%252Bdeb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1026207?format=json","purl":"pkg:deb/debian/awstats@8.0-5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@8.0-5"}],"aliases":["CVE-2025-63261"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6241-45ms-x3ec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92087?format=json","vulnerability_id":"VCID-9xag-6wej-6bgk","summary":"Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.","references":[{"reference_url":"http://awstats.sourceforge.net/docs/awstats_changelog.txt","reference_id":"","reference_type":"","scores":[],"url":"http://awstats.sourceforge.net/docs/awstats_changelog.txt"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4369","reference_id":"","reference_type":"","scores":[{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39046","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39309","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3947","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39494","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39407","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39464","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39478","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3949","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39451","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39434","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39486","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39458","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39372","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39178","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39161","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3908","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.38953","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39023","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3904","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3895","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.38972","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4369"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4369","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4369"},{"reference_url":"http://secunia.com/advisories/43004","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43004"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:033","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:033"},{"reference_url":"http://www.securityfocus.com/bid/45210","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/45210"},{"reference_url":"http://www.ubuntu.com/usn/USN-1047-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-1047-1"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0202","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0202"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606263","reference_id":"606263","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606263"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:2.1.:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:2.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:2.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.4_1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:sarge1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.4_1:sarge1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:sarge1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.5_1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1.857:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.5_1.857:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1.857:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-4369","reference_id":"CVE-2010-4369","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-4369"},{"reference_url":"https://usn.ubuntu.com/1047-1/","reference_id":"USN-1047-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1047-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035903?format=json","purl":"pkg:deb/debian/awstats@6.9.5~dfsg-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"},{"vulnerability":"VCID-fxrv-1bju-qkgm"},{"vulnerability":"VCID-kfb9-pts3-dffa"},{"vulnerability":"VCID-qabb-bgqe-afdd"},{"vulnerability":"VCID-s1bj-dpp3-9ubt"},{"vulnerability":"VCID-vqyg-xfyk-h3e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.9.5~dfsg-5"}],"aliases":["CVE-2010-4369"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9xag-6wej-6bgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94571?format=json","vulnerability_id":"VCID-fxrv-1bju-qkgm","summary":"In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35176","reference_id":"","reference_type":"","scores":[{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76391","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76131","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76135","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76167","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76148","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.7618","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76194","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76218","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76192","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76233","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76237","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.7622","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76257","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76267","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.7628","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76289","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76318","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76338","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76325","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00937","scoring_system":"epss","scoring_elements":"0.76341","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35176"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190","reference_id":"977190","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190"},{"reference_url":"https://security.archlinux.org/ASA-202103-15","reference_id":"ASA-202103-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202103-15"},{"reference_url":"https://security.archlinux.org/AVG-1356","reference_id":"AVG-1356","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1356"},{"reference_url":"https://usn.ubuntu.com/4953-1/","reference_id":"USN-4953-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4953-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1052114?format=json","purl":"pkg:deb/debian/awstats@7.8-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1"}],"aliases":["CVE-2020-35176"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fxrv-1bju-qkgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92396?format=json","vulnerability_id":"VCID-kfb9-pts3-dffa","summary":"Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.","references":[{"reference_url":"http://awstats.sourceforge.net/docs/awstats_changelog.txt","reference_id":"","reference_type":"","scores":[],"url":"http://awstats.sourceforge.net/docs/awstats_changelog.txt"},{"reference_url":"http://openwall.com/lists/oss-security/2012/10/26/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2012/10/26/1"},{"reference_url":"http://openwall.com/lists/oss-security/2012/10/29/7","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2012/10/29/7"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4547","reference_id":"","reference_type":"","scores":[{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96845","published_at":"2026-05-14T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96766","published_at":"2026-04-01T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96775","published_at":"2026-04-02T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96777","published_at":"2026-04-04T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96781","published_at":"2026-04-07T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96789","published_at":"2026-04-08T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.9679","published_at":"2026-04-09T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96793","published_at":"2026-04-12T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96794","published_at":"2026-04-13T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.968","published_at":"2026-04-16T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96804","published_at":"2026-04-18T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96807","published_at":"2026-04-26T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96806","published_at":"2026-04-24T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96811","published_at":"2026-04-29T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96819","published_at":"2026-05-05T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96822","published_at":"2026-05-07T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96828","published_at":"2026-05-09T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.9683","published_at":"2026-05-11T12:55:00Z"},{"value":"0.31657","scoring_system":"epss","scoring_elements":"0.96835","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4547"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/79638","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/79638"},{"reference_url":"http://www.securityfocus.com/bid/56280","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/56280"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:2.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:2.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:2.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:5.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:5.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:5.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:5.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:6.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:6.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.95:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:laurent_destailleur:awstats:6.95:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:laurent_destailleur:awstats:6.95:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4547","reference_id":"CVE-2012-4547","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4547"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035905?format=json","purl":"pkg:deb/debian/awstats@7.2%2Bdfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"},{"vulnerability":"VCID-fxrv-1bju-qkgm"},{"vulnerability":"VCID-qabb-bgqe-afdd"},{"vulnerability":"VCID-s1bj-dpp3-9ubt"},{"vulnerability":"VCID-vqyg-xfyk-h3e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.2%252Bdfsg-1"}],"aliases":["CVE-2012-4547"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kfb9-pts3-dffa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91994?format=json","vulnerability_id":"VCID-kspy-ctky-ykav","summary":"Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.","references":[{"reference_url":"http://awstats.sourceforge.net/docs/awstats_changelog.txt","reference_id":"","reference_type":"","scores":[],"url":"http://awstats.sourceforge.net/docs/awstats_changelog.txt"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-5020","reference_id":"","reference_type":"","scores":[{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80612","published_at":"2026-05-14T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80367","published_at":"2026-04-01T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80373","published_at":"2026-04-02T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80393","published_at":"2026-04-04T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80382","published_at":"2026-04-07T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80411","published_at":"2026-04-08T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80421","published_at":"2026-04-09T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80439","published_at":"2026-04-11T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80424","published_at":"2026-04-12T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80418","published_at":"2026-04-13T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80447","published_at":"2026-04-16T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80448","published_at":"2026-04-18T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80452","published_at":"2026-04-21T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80477","published_at":"2026-04-24T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80484","published_at":"2026-04-26T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80501","published_at":"2026-04-29T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80517","published_at":"2026-05-05T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.8054","published_at":"2026-05-07T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.8056","published_at":"2026-05-09T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80554","published_at":"2026-05-11T12:55:00Z"},{"value":"0.014","scoring_system":"epss","scoring_elements":"0.80571","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-5020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5020","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5020"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:2.1.:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:2.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:2.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-5020","reference_id":"CVE-2009-5020","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-5020"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035903?format=json","purl":"pkg:deb/debian/awstats@6.9.5~dfsg-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"},{"vulnerability":"VCID-fxrv-1bju-qkgm"},{"vulnerability":"VCID-kfb9-pts3-dffa"},{"vulnerability":"VCID-qabb-bgqe-afdd"},{"vulnerability":"VCID-s1bj-dpp3-9ubt"},{"vulnerability":"VCID-vqyg-xfyk-h3e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.9.5~dfsg-5"}],"aliases":["CVE-2009-5020"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kspy-ctky-ykav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92086?format=json","vulnerability_id":"VCID-mds9-fb3d-9qgt","summary":"awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server.","references":[{"reference_url":"http://awstats.sourceforge.net/docs/awstats_changelog.txt","reference_id":"","reference_type":"","scores":[],"url":"http://awstats.sourceforge.net/docs/awstats_changelog.txt"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4367","reference_id":"","reference_type":"","scores":[{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91705","published_at":"2026-05-14T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91599","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91606","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91612","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91621","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91633","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91639","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91643","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91645","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91641","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91662","published_at":"2026-04-16T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91655","published_at":"2026-04-18T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91654","published_at":"2026-04-21T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91661","published_at":"2026-04-24T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91659","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91657","published_at":"2026-04-29T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91669","published_at":"2026-05-05T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91681","published_at":"2026-05-07T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91691","published_at":"2026-05-09T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.9169","published_at":"2026-05-11T12:55:00Z"},{"value":"0.07265","scoring_system":"epss","scoring_elements":"0.91699","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4367"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4367","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4367"},{"reference_url":"http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:033","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:033"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606263","reference_id":"606263","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606263"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:2.1.:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.1.:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:2.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:2.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:2.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.4_1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:sarge1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.4_1:sarge1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4_1:sarge1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.5_1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1.857:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.5_1.857:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5_1.857:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-4367","reference_id":"CVE-2010-4367","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-4367"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/35035.txt","reference_id":"CVE-2010-4367;OSVDB-69606","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/35035.txt"},{"reference_url":"https://www.securityfocus.com/bid/45123/info","reference_id":"CVE-2010-4367;OSVDB-69606","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/45123/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035903?format=json","purl":"pkg:deb/debian/awstats@6.9.5~dfsg-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"},{"vulnerability":"VCID-fxrv-1bju-qkgm"},{"vulnerability":"VCID-kfb9-pts3-dffa"},{"vulnerability":"VCID-qabb-bgqe-afdd"},{"vulnerability":"VCID-s1bj-dpp3-9ubt"},{"vulnerability":"VCID-vqyg-xfyk-h3e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.9.5~dfsg-5"}],"aliases":["CVE-2010-4367"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mds9-fb3d-9qgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90749?format=json","vulnerability_id":"VCID-pbfq-fen2-dkhs","summary":"awstats: incomplete fix for CVE-2008-3714 XSS issue","references":[{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432#21","reference_id":"","reference_type":"","scores":[],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432#21"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5080.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5080.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5080","reference_id":"","reference_type":"","scores":[{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60581","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60323","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60398","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60426","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60393","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60442","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60459","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60479","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60465","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60445","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60486","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60495","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60485","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60469","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60483","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60471","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60431","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60477","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60535","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60493","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.6052","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5080"},{"reference_url":"http://secunia.com/advisories/33002","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/33002"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/47116","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/47116"},{"reference_url":"http://www.ubuntu.com/usn/usn-686-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/usn-686-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=474396","reference_id":"474396","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=474396"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432","reference_id":"495432","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:5.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-5080","reference_id":"CVE-2008-5080","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-5080"},{"reference_url":"https://usn.ubuntu.com/686-1/","reference_id":"USN-686-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/686-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035902?format=json","purl":"pkg:deb/debian/awstats@6.7.dfsg-5.1%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"},{"vulnerability":"VCID-9xag-6wej-6bgk"},{"vulnerability":"VCID-fxrv-1bju-qkgm"},{"vulnerability":"VCID-kfb9-pts3-dffa"},{"vulnerability":"VCID-kspy-ctky-ykav"},{"vulnerability":"VCID-mds9-fb3d-9qgt"},{"vulnerability":"VCID-qabb-bgqe-afdd"},{"vulnerability":"VCID-s1bj-dpp3-9ubt"},{"vulnerability":"VCID-vqyg-xfyk-h3e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.7.dfsg-5.1%252Blenny1"}],"aliases":["CVE-2008-5080"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pbfq-fen2-dkhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50243?format=json","vulnerability_id":"VCID-qabb-bgqe-afdd","summary":"Multiple vulnerabilities have been found in AWStats, the worst of\n    which could result in the arbitrary execution of code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000501","reference_id":"","reference_type":"","scores":[{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91231","published_at":"2026-05-14T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91219","published_at":"2026-05-12T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91086","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91092","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.911","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91109","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91121","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91127","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91135","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91136","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.9116","published_at":"2026-04-16T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91159","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91163","published_at":"2026-04-21T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91177","published_at":"2026-04-24T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91174","published_at":"2026-04-26T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.9117","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91183","published_at":"2026-05-05T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.912","published_at":"2026-05-07T12:55:00Z"},{"value":"0.06548","scoring_system":"epss","scoring_elements":"0.91211","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501"},{"reference_url":"https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651"},{"reference_url":"https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/01/msg00012.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/01/msg00012.html"},{"reference_url":"https://www.debian.org/security/2018/dsa-4092","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4092"},{"reference_url":"http://www.awstats.org/","reference_id":"","reference_type":"","scores":[],"url":"http://www.awstats.org/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885835","reference_id":"885835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885835"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000501","reference_id":"CVE-2017-1000501","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000501"},{"reference_url":"https://security.gentoo.org/glsa/202007-37","reference_id":"GLSA-202007-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-37"},{"reference_url":"https://usn.ubuntu.com/3518-1/","reference_id":"USN-3518-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3518-1/"},{"reference_url":"https://usn.ubuntu.com/4953-1/","reference_id":"USN-4953-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4953-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035906?format=json","purl":"pkg:deb/debian/awstats@7.2%2Bdfsg-1%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"},{"vulnerability":"VCID-fxrv-1bju-qkgm"},{"vulnerability":"VCID-qabb-bgqe-afdd"},{"vulnerability":"VCID-s1bj-dpp3-9ubt"},{"vulnerability":"VCID-vqyg-xfyk-h3e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.2%252Bdfsg-1%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1037617?format=json","purl":"pkg:deb/debian/awstats@7.6%2Bdfsg-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"},{"vulnerability":"VCID-fxrv-1bju-qkgm"},{"vulnerability":"VCID-qabb-bgqe-afdd"},{"vulnerability":"VCID-s1bj-dpp3-9ubt"},{"vulnerability":"VCID-vqyg-xfyk-h3e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.6%252Bdfsg-1%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1052113?format=json","purl":"pkg:deb/debian/awstats@7.6%2Bdfsg-2%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"},{"vulnerability":"VCID-fxrv-1bju-qkgm"},{"vulnerability":"VCID-s1bj-dpp3-9ubt"},{"vulnerability":"VCID-vqyg-xfyk-h3e5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.6%252Bdfsg-2%252Bdeb10u1"}],"aliases":["CVE-2017-1000501"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qabb-bgqe-afdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95315?format=json","vulnerability_id":"VCID-s1bj-dpp3-9ubt","summary":"AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-46391","reference_id":"","reference_type":"","scores":[{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76555","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76447","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76454","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76467","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76483","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76502","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.7649","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76506","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76328","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76359","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76339","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76371","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76385","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76411","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76389","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76384","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76424","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.7643","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00952","scoring_system":"epss","scoring_elements":"0.76414","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-46391"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46391","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46391"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025410","reference_id":"1025410","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025410"},{"reference_url":"https://github.com/eldy/AWStats/pull/226","reference_id":"226","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T15:20:05Z/"}],"url":"https://github.com/eldy/AWStats/pull/226"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRFYH4DE3COMI3LJCOQQXA4FWOABU6Z2/","reference_id":"GRFYH4DE3COMI3LJCOQQXA4FWOABU6Z2","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T15:20:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRFYH4DE3COMI3LJCOQQXA4FWOABU6Z2/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00010.html","reference_id":"msg00010.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T15:20:05Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00010.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYUZIFVB4N3NK4WGNHRNXZKJITCJBJX4/","reference_id":"MYUZIFVB4N3NK4WGNHRNXZKJITCJBJX4","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T15:20:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYUZIFVB4N3NK4WGNHRNXZKJITCJBJX4/"},{"reference_url":"https://usn.ubuntu.com/5899-1/","reference_id":"USN-5899-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5899-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1052114?format=json","purl":"pkg:deb/debian/awstats@7.8-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1"}],"aliases":["CVE-2022-46391"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s1bj-dpp3-9ubt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94560?format=json","vulnerability_id":"VCID-vqyg-xfyk-h3e5","summary":"In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-29600","reference_id":"","reference_type":"","scores":[{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.8464","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84654","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84675","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84677","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84699","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84706","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84724","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84719","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84713","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84735","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84736","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84737","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84765","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84774","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84773","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84789","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84814","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84832","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84827","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84843","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.84876","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-29600"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29600","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29600"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891469","reference_id":"891469","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891469"},{"reference_url":"https://usn.ubuntu.com/4953-1/","reference_id":"USN-4953-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4953-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1052114?format=json","purl":"pkg:deb/debian/awstats@7.8-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6241-45ms-x3ec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@7.8-2%252Bdeb11u1"}],"aliases":["CVE-2020-29600"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vqyg-xfyk-h3e5"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/awstats@6.5%252Bdfsg-1%252Betch1"}