CVE-2008-5080

Publication date 3 December 2008

Last updated 24 July 2024

awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the query_string parameter. NOTE: this issue exists because of an incomplete fix for CVE-2008-3714.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
awstats	8.10 intrepid	Fixed 6.7.dfsg-5ubuntu0.1
	8.04 LTS hardy	Fixed 6.7.dfsg-1ubuntu0.1
	7.10 gutsy	Fixed 6.6+dfsg-1ubuntu0.1
	6.06 LTS dapper	Fixed 6.5-1ubuntu1.3

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-686-1
AWStats vulnerability
4 December 2008

Other references

https://www.cve.org/CVERecord?id=CVE-2008-5080