Mandrake Security Advisory MDVSA-2009:266 (awstats)

Summary
The remote host is missing an update to awstats announced via advisory MDVSA-2009:266.
Solution
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:266
Insight
A vulnerability has been found and corrected in awstats: awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the query_string parameter. NOTE: this issue exists because of an incomplete fix for CVE-2008-3714 (CVE-2008-5080). This update fixes this vulnerability. Affected: Corporate 4.0, Enterprise Server 5.0