CVE-2001-0835 Information

Description

Cross-site scripting vulnerability in Webalizer 2.01-06 and possibly other versions allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information or (2) host names that are retrieved via a reverse DNS lookup.

Reference

http://lists.suse.com/archives/suse-security-announce/2001-Nov/0001.html http://marc.info/?l=bugtraq&m=100394630702875&w=2 http://www.linuxsecurity.com/advisories/other_advisory-1677.html http://www.mrunix.net/webalizer/news.html http://www.redhat.com/support/errata/RHSA-2001-140.html http://www.redhat.com/support/errata/RHSA-2001-141.html http://www.securityfocus.com/bid/3473 https://exchange.xforce.ibmcloud.com/vulnerabilities/7350 https://exchange.xforce.ibmcloud.com/vulnerabilities/7351