FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-5080

This CVE name corresponds to:

Entered Topic
2009-01-04 awstats -- multiple XSS vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-5080
Phase Assigned (20081114)

Description

awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the query_string parameter. NOTE: this issue exists because of an incomplete fix for CVE-2008-3714.

References

Source Reference
MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432#21
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=474396
UBUNTU USN-686-1
SECUNIA 33002
XF awstats-querystring-xss(47116)