DEBIAN-CVE-2008-5080
awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting XSS attacks via the querystring parameter. NOTE: this issue exists because of an incomplete fix for CVE-2008-3714...