{"api_version":"1","generated_at":"2026-04-22T19:34:55+00:00","cve":"CVE-2006-3681","urls":{"html":"https://cve.report/CVE-2006-3681","api":"https://cve.report/api/cve/CVE-2006-3681.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-3681","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-3681"},"summary":{"title":"CVE-2006-3681","description":"Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-07-21 14:03:00","updated_at":"2017-07-20 01:32:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://www.ubuntu.com/usn/usn-360-1","name":"USN-360-1","refsource":"UBUNTU","tags":[],"title":"usn/usn-360-1 - Ubuntu: Linux for human beings","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/22306","name":"22306","refsource":"SECUNIA","tags":[],"title":"Ubuntu update for awstats - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25879","name":"awstats-multiple-xss(25879)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://pridels0.blogspot.com/2006/04/awstats-65x-multiple-vuln.html","name":"http://pridels0.blogspot.com/2006/04/awstats-65x-multiple-vuln.html","refsource":"MISC","tags":[],"title":"- UNSECURED SYSTEMS -: AWStats 6.5.x multiple vuln.","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/1421","name":"ADV-2006-1421","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/19725","name":"19725","refsource":"SECUNIA","tags":["Exploit","Vendor Advisory"],"title":"AWStats Cross-Site Scripting and Full Path Disclosure - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-3681","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-3681","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"3681","vulnerable":"1","versionEndIncluding":"6.5_1.857","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"awstats","cpe5":"awstats","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-3681","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"awstats-multiple-xss(25879)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25879"},{"name":"http://pridels0.blogspot.com/2006/04/awstats-65x-multiple-vuln.html","refsource":"MISC","url":"http://pridels0.blogspot.com/2006/04/awstats-65x-multiple-vuln.html"},{"name":"USN-360-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/usn-360-1"},{"name":"ADV-2006-1421","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/1421"},{"name":"22306","refsource":"SECUNIA","url":"http://secunia.com/advisories/22306"},{"name":"19725","refsource":"SECUNIA","url":"http://secunia.com/advisories/19725"}]}},"nvd":{"publishedDate":"2006-07-21 14:03:00","lastModifiedDate":"2017-07-20 01:32:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":2.6},"severity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*","versionEndIncluding":"6.5_1.857","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"3681","Ordinal":"19007","Title":"CVE-2006-3681","CVE":"CVE-2006-3681","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"3681","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"3681","Ordinal":"2","NoteData":"2006-07-18","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"3681","Ordinal":"3","NoteData":"2017-07-19","Type":"Other","Title":"Modified"}]}}}