Hi Eldy,

I assume that you already know about this, but I wanted to make sure. Even better, I'd love to have a patch to fix it, so that we can patch up Debian. :-)

thanks,
Charles

----- Forwarded message from Micah Anderson <[EMAIL PROTECTED]> -----

CVE-2006-1945 says:

Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter.

http://pridels.blogspot.com/2006/04/awstats-65-vuln.html

This flaw exists because input passed to "config" parameter in "awstats.pl" isn't properly sanitised before being returned to the user. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Also doing XSS vuln. check attacker will get full path disclosure. This affects version 6.5 (build 1.857) and earlier.

----- End forwarded message -----

-- 
The answer to
A shaver's dream
A greaseless
No brush
Shaving cream
Burma-Shave
http://burma-shave.org/jingles/1934/the_answer_to
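
The handling the forwarded advisory says is missing for the "config" parameter, shown as an added Perl example; it is not AWStats code and not the upstream fix. The function names, the allowlist policy, the error message text and the /etc/awstats path are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not AWStats code: handling a reflected "config" query parameter.
use strict;
use warnings;

# Escape the five characters that are significant in HTML text and attributes.
sub html_escape {
    my ($s) = @_;
    my %map = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$map{$1}/g;
    return $s;
}

# Assumed policy: a config name is a host-like token (letters, digits, dot,
# underscore, hyphen), at most 64 characters. Returns undef when it does not fit.
sub valid_config_name {
    my ($name) = @_;
    return undef unless defined $name;
    return $name =~ /\A[A-Za-z0-9][A-Za-z0-9._-]{0,63}\z/ ? $name : undef;
}

# Pattern the advisory describes: the raw value and the server-side path
# are both copied into the error page (message text is constructed).
sub error_page_unsafe {
    my ($config, $dir) = @_;
    return "<p>Error: Couldn't open config file \"$dir/awstats.$config.conf\"</p>";
}

# Hardened form: reject names outside the allowlist, escape whatever is
# echoed, and keep the filesystem path in the server log only.
sub error_page_safe {
    my ($config, $dir, $log) = @_;
    my $name = valid_config_name($config);
    push @$log, "config lookup failed in $dir" if $log;
    return "<p>Error: invalid config name</p>" unless defined $name;
    return '<p>Error: no configuration named "' . html_escape($name) . '"</p>';
}

# Constructed sample inputs: one valid name, two containing HTML metacharacters.
my @log;
for my $in ('www.example.org', '<b>marker</b>', "a\"'&") {
    print "in:     $in\n";
    print "unsafe: ", error_page_unsafe($in, '/etc/awstats'), "\n";
    print "safe:   ", error_page_safe($in, '/etc/awstats', \@log), "\n\n";
}
```

Escaping after the allowlist check is deliberate: if the allowlist is later relaxed, the echoed value is still encoded.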