+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Support Area (/forum-30.html)
+--- Forum: Update/Upgrade (/forum-44.html)
+--- Thread: AWstats 6.9 (/thread-6368.html)
AWstats 6.9 - moulin - 04-11-2009 11:11 PM
AWstats is mentioning a security risk in AWstats 6.8 or lower.
Quote:Not correctly sanitized parameters can be used to have AWStats URL generate an output with an URL that contains javscript used for a XSS attacks.see website
Since ispCP Omega bundles version 6.7 I was wondering if any of you tried to install a newer version of AWstats. I know the script is only accessible after a .htaccess.
Would like to hear your thoughts...
RE: AWstats 6.9 - RatS - 04-12-2009 03:06 PM
actually just update your distribution, because AWStats will be installed via the distribution repositories. We only deliver a predefined config and the maillogconvert.pl.