Vulnerability Details CVE-2008-5080
awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the query_string parameter. NOTE: this issue exists because of an incomplete fix for CVE-2008-3714.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.7%
CVSS Severity
CVSS v2 Score 4.3
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432#21
- http://secunia.com/advisories/33002
- http://www.ubuntu.com/usn/usn-686-1
- https://bugzilla.redhat.com/show_bug.cgi?id=474396
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47116
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432#21
- http://secunia.com/advisories/33002
- http://www.ubuntu.com/usn/usn-686-1
- https://bugzilla.redhat.com/show_bug.cgi?id=474396
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47116
Products affected by CVE-2008-5080
-
cpe:2.3:a:awstats:awstats:1.0
-
cpe:2.3:a:awstats:awstats:4.0
-
cpe:2.3:a:awstats:awstats:4.1
-
cpe:2.3:a:awstats:awstats:5.0
-
cpe:2.3:a:awstats:awstats:5.1
-
cpe:2.3:a:awstats:awstats:5.2
-
cpe:2.3:a:awstats:awstats:5.3
-
cpe:2.3:a:awstats:awstats:5.4
-
cpe:2.3:a:awstats:awstats:5.5
-
cpe:2.3:a:awstats:awstats:5.6
-
cpe:2.3:a:awstats:awstats:5.7
-
cpe:2.3:a:awstats:awstats:5.8
-
cpe:2.3:a:awstats:awstats:5.9
-
cpe:2.3:a:awstats:awstats:6.0
-
cpe:2.3:a:awstats:awstats:6.1
-
cpe:2.3:a:awstats:awstats:6.2
-
cpe:2.3:a:awstats:awstats:6.3
-
cpe:2.3:a:awstats:awstats:6.4
-
cpe:2.3:a:awstats:awstats:6.5
-
cpe:2.3:a:awstats:awstats:6.6
-
cpe:2.3:a:awstats:awstats:6.7
-
cpe:2.3:a:awstats:awstats:6.8