Ubuntu Security Notice (C) 2008-2013 Canonical, Inc. / NASL script (C) 2009-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing a security-related patch.
Morgan Todd discovered that AWStats did not correctly strip quotes
from certain parameters, allowing for an XSS attack when running as a
CGI. If a user was tricked by a remote attacker into following a
specially crafted URL, the user's authentication information could be
exposed for the domain where AWStats was hosted.
Update the affected awstats package.
Risk factor :
Medium / CVSS Base Score : 4.3