CVE-2008-5080

Awstats < 6.8 - XSS

Title source: rule

Description

awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the query_string parameter. NOTE: this issue exists because of an incomplete fix for CVE-2008-3714.

References (5)

[Issue Tracking] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432#21

[Vendor Advisory] http://www.ubuntu.com/usn/usn-686-1

[Vendor Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=474396

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/47116

[Third Party Advisory] http://secunia.com/advisories/33002

Scores

EPSS 0.0040

EPSS Percentile 60.1%

Classification

CWE

CWE-79

Status published

Affected Products (20)

awstats/awstats < 6.8

awstats/awstats

awstats/awstats

awstats/awstats

awstats/awstats

awstats/awstats

awstats/awstats

awstats/awstats

awstats/awstats

awstats/awstats

awstats/awstats

awstats/awstats

awstats/awstats

awstats/awstats

awstats/awstats

... and 5 more

Timeline

Published Dec 03, 2008

Tracked Since Feb 18, 2026