CVE ID:	CVE-2008-3714
Description:	Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945.
Test IDs:	1.3.6.1.4.1.25623.1.0.66022   1.3.6.1.4.1.25623.1.0.62831   1.3.6.1.4.1.25623.1.0.62833   1.3.6.1.4.1.25623.1.0.66432   1.3.6.1.4.1.25623.1.0.62849   1.3.6.1.4.1.25623.1.0.62841   1.3.6.1.4.1.25623.1.0.62835   1.3.6.1.4.1.25623.1.0.61565   1.3.6.1.4.1.25623.1.0.61549   1.3.6.1.4.1.25623.1.0.63106   1.3.6.1.4.1.25623.1.0.61634
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3714 Debian Security Information: DSA-1679 (Google Search) http://www.debian.org/security/2008/dsa-1679 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00107.html https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00355.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:203 http://www.ubuntu.com/usn/usn-686-1 BugTraq ID: 30730 http://www.securityfocus.com/bid/30730 http://secunia.com/advisories/33002 http://www.vupen.com/english/advisories/2008/2399 http://www.securitytracker.com/id?1020704 http://secunia.com/advisories/31519 http://secunia.com/advisories/31759 http://secunia.com/advisories/32939 XForce ISS Database: awstats-awstats-xss(44504) http://xforce.iss.net/xforce/xfdb/44504

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: