From 915242e77576d6306e65d8443c894465acdc97b3 Mon Sep 17 00:00:00 2001 From: Chin-San Huang Date: Sun, 4 Jan 2009 06:21:42 +0000 Subject: - Document awstats -- multiple XSS vulnerabilities PR: ports/129957 Submitted by: Eygene Ryabinkin Approved by: Alex Samorukov (maintainer) Security: http://secunia.com/advisories/31519 --- security/vuxml/vuln.xml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index da39d9d9152d..83857315f6c8 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -35,6 +35,42 @@ Note: Please add new entries to the beginning of this file. --> + + awstats -- multiple XSS vulnerabilities + + + awstats + 6.8_3,1 + + + + +

Secunia reports:

+
+

Morgan Todd has discovered a vulnerability in AWStats, + which can be exploited by malicious people to conduct + cross-site scripting attacks.

+

Input passed in the URL to awstats.pl is not properly + sanitised before being returned to the user. This can be + exploited to execute arbitrary HTML and script code in a + user's browser session in context of an affected site.

+

Successful exploitation requires that the application is + running as a CGI script.

+
+ +
+ + CVE-2008-3714 + CVE-2008-5080 + http://secunia.com/advisories/31519 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432 + + + 2008-03-12 + 2009-01-04 + +
+ p5-File-Path -- rmtree allows creation of setuid files -- cgit v1.2.3
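Review bot: the quoted Secunia text in the new awstats entry describes a single issue ("Morgan Todd has discovered a vulnerability"), while the topic line says "multiple XSS vulnerabilities" and the references list both CVE-2008-3714 and CVE-2008-5080. Add a sentence to the description saying what the second CVE covers, or cite the source it comes from, so a reader can tell why both identifiers are attached to a 6.8_3,1 version bound. The discovery date 2008-03-12 in the dates block should also be checked against the referenced advisory (secunia.com/advisories/31519) and Debian bug 495432, since nothing in the entry shows where that date comes from.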