Launchpad.net

CVE 2008-1168

Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Related bugs and status

CVE-2008-1168 (Candidate) is related to these bugs:

Bug #202758: [CVE-2008-1168] XSS in log and useragent parser

		In	Importance	Status
202758	[CVE-2008-1168] XSS in log and useragent parser	sarg (Ubuntu)	High	Fix Released
202758	[CVE-2008-1168] XSS in log and useragent parser	sarg (Ubuntu Dapper)	Undecided	Won't Fix
202758	[CVE-2008-1168] XSS in log and useragent parser	sarg (Ubuntu Edgy)	Undecided	Won't Fix
202758	[CVE-2008-1168] XSS in log and useragent parser	sarg (Ubuntu Feisty)	Undecided	Won't Fix
202758	[CVE-2008-1168] XSS in log and useragent parser	sarg (Ubuntu Gutsy)	Undecided	Won't Fix
202758	[CVE-2008-1168] XSS in log and useragent parser	sarg (Ubuntu Hardy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

SECUNIA: 28668
GENTOO: GLSA-200803-21
SECUNIA: 29309
MANDRIVA: MDVSA-2008:079
BID: 28077
SECUNIA: 29500
VUPEN: ADV-2008-0750
MISC: http://sourceforge.net...
XF: sarg-useragent-xss(40972)