Описание
awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the query_string parameter. NOTE: this issue exists because of an incomplete fix for CVE-2008-3714.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 6.5-1ubuntu1.3 |
| devel | not-affected | 6.7.dfsg-5.1 |
| gutsy | released | 6.6+dfsg-1ubuntu0.1 |
| hardy | released | 6.7.dfsg-1ubuntu0.1 |
| intrepid | released | 6.7.dfsg-5ubuntu0.1 |
| upstream | released | 6.7.dfsg-5.1 |
Показывать по
4.3 Medium
CVSS2
Связанные уязвимости
awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the query_string parameter. NOTE: this issue exists because of an incomplete fix for CVE-2008-3714.
awstats.pl in AWStats 6.8 and earlier does not properly remove quote c ...
awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the query_string parameter. NOTE: this issue exists because of an incomplete fix for CVE-2008-3714.
4.3 Medium
CVSS2