CVE-2008-3714: XSS
First published: Mon Jun 23 2008(Updated: )
Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| AWStats | =6.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://awstats.sourceforge.net/docs/awstats_changelog.txt
- http://sourceforge.net/tracker/index.php?func=detail&aid=2001151&group_id=13764&atid=113764
- http://secunia.com/advisories/31519
- http://www.securityfocus.com/bid/30730
- http://www.securitytracker.com/id?1020704
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00355.html
- http://secunia.com/advisories/31759
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00107.html
- http://secunia.com/advisories/32939
- http://www.debian.org/security/2008/dsa-1679
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432
- http://www.ubuntu.com/usn/usn-686-1
- http://secunia.com/advisories/33002
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:203
- http://www.vupen.com/english/advisories/2008/2399
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44504
- https://access.redhat.com/security/cve/CVE-2008-3714
- https://access.redhat.com/security/cve/CVE-2006-3681
- https://access.redhat.com/security/cve/CVE-2006-1945
- http://bugs.gentoo.org/show_bug.cgi?id=235225
- http://awstats.cvs.sourceforge.net/awstats/awstats/wwwroot/cgi-bin/awstats.pl?r1=1.910&r2=1.912
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=459865
- https://admin.fedoraproject.org/updates/F8/FEDORA-2008-7684
- https://admin.fedoraproject.org/updates/F9/FEDORA-2008-7663
- https://bugzilla.redhat.com/show_bug.cgi?id=459605
- https://www.cve.org/CVERecord?id=CVE-2008-3714 https://nvd.nist.gov/vuln/detail/CVE-2008-3714
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3714.json
Frequently Asked Questions
What is the severity of CVE-2008-3714?
CVE-2008-3714 is considered a high severity vulnerability due to its potential for exploitation via cross-site scripting.
How do I fix CVE-2008-3714?
To fix CVE-2008-3714, upgrade AWStats to version 6.9 or later, where the XSS vulnerability has been addressed.
What specific vulnerability does CVE-2008-3714 describe?
CVE-2008-3714 describes a cross-site scripting vulnerability in awstats.pl that allows remote attackers to inject arbitrary scripts via the query_string.
Which version of AWStats is affected by CVE-2008-3714?
AWStats version 6.8 is affected by CVE-2008-3714.
Who can exploit CVE-2008-3714?
Remote attackers can exploit CVE-2008-3714 to execute arbitrary web script or HTML on affected systems.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/redhat-cve
- source/Red Hat
- collector/redhat-bugzilla
- alias/CVE-2008-3714
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/awstats
- canonical/awstats
- version/awstats/6.8