CVE-2008-5080
EPSS 0.40%
Description
awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the query_string parameter. NOTE: this issue exists because of an incomplete fix for CVE-2008-3714.
How to fix CVE-2008-5080
To remediate CVE-2008-5080, upgrade the affected package to a fixed version below.
- Debian/awstats—upgrade to 6.7.dfsg-5.1 or later
Is CVE-2008-5080 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 6.7.dfsg-5.1