Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 21 Nov 2001 06:34:49 +0100
From: (Dirk Meyer)
Subject:   Vulnerability in webalizer prior 2.1.9
Message-ID:  </>

Next in thread | Raw E-Mail | Index | Archive | Help


  There is a cross-site scripting vulnerability in webalizer which can
  allow an attacker to exploit a victim by embedding malicious HTML tags
  in webalizer-generated reports.

  This update fixes the aforementioned cross-site scripting
  vulnerability reported by Magnux Software.  This updated version also
  fixes a date calculation overflow error and enables DNS resolution
  provided it is enabled in the webalizer configuration file.

vulnerable versions:
	All version 2.x up to 2.1.6_4

2001/10/25 updated in the ports tree.
2001/11/03 email to 

Packages need to build/fetched:

kind regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany


To Unsubscribe: send mail to
with "unsubscribe freebsd-ports" in the body of the message

Want to link to this message? Use this URL: <>