CVE-2008-3714

Publication date 19 August 2008

Last updated 24 July 2024

Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
awstats	8.10 intrepid	Fixed 6.7.dfsg-5ubuntu0.1
	8.04 LTS hardy	Fixed 6.7.dfsg-1ubuntu0.1
	7.10 gutsy	Fixed 6.6+dfsg-1ubuntu0.1
	7.04 feisty	Ignored end of life, was needs-triage
	6.06 LTS dapper	Fixed 6.5-1ubuntu1.3

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-686-1
AWStats vulnerability
4 December 2008

Other references

https://www.cve.org/CVERecord?id=CVE-2008-3714