CVE-2008-5080
EPSS 0.40%Published: 12/3/2008Modified: 4/28/2026
Description
awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the query_string parameter. NOTE: this issue exists because of an incomplete fix for CVE-2008-3714.
Affected packages (1)
- Debian/awstatsfrom 0, < 6.7.dfsg-5.1