Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

Mageia 8: MGASA-2022-0461 Moderate Vulnerability in AWStats XSS Risk

mageia
Calendar Grey December 13, 2022
Dist Mageia Esm H88
AWStats 7.x encountered a Cross-Site Scripting (XSS) vulnerability triggered by insufficient validation in the hostinfo module. An upgrade is necessary to address this vulnerability.
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks

Summary

AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. (CVE-2022-46391)

References

- https://bugs.mageia.org/show_bug.cgi?id=31230

- https://lists.debian.org/debian-lts-announce/2022/12/msg00010.html

- https://www.cve.org/CVERecord?id=CVE-2022-46391

Topics%20covered

Topics Covered

security advisory moderate security issue XSS AWStats Mageia hostinfo plugin

Resolution

SRPMS

- 8/core/awstats-7.8-2.1.mga8

Publication date: 13 Dec 2022
URL: https://advisories.mageia.org/MGASA-2022-0461.html
Type: security
CVE: CVE-2022-46391

Topics%20covered

Topics Covered

security advisory moderate security issue XSS AWStats Mageia hostinfo plugin

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here