CVE-2008-1168

Name of the Vulnerable Software and Affected Versions Sarg version 2.2.3.1

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the User-Agent header. This occurs because the header is not properly handled when displaying the Squid proxy log.

Recommendations For Sarg version 2.2.3.1, as a temporary workaround, consider restricting access to the Squid proxy log display to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.