Summary
The host is running AWStats, which is prone to a cross-site scripting (XSS) vulnerability.
Impact
A successful attack could lead to the execution of arbitrary HTML and script code in the context of an affected site.
Impact Level: Application
NOTE: This issue exists because of an incomplete fix for CVE-2008-3714.
Solution
Update to a higher version or apply the patches from:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432#21
NOTE: Ignore this warning if the above-mentioned patch has already been applied.
Insight
The flaw is due to the query_string parameter in awstats.pl, which is not properly sanitized before being returned to the user.
Affected
AWStats 6.8 and earlier.
Severity
CVSS Base Score: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Classification
CVE: CVE-2008-5080