USN-5899-1: AWStats vulnerability
28 February 2023
AWStats could allow cross-site scripting (XSS) attacks.
- awstats - powerful and featureful web server log analyzer
It was discovered that AWStats did not properly sanitize the content of
whois responses in the hostinfo plugin. An attacker could possibly use
this issue to conduct cross-site scripting (XSS) attacks.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.