PT-2001-2003 · Mandrake · Webalizer

Published: 2001-11-22 · Updated: 2017-12-19 · CVE-2001-0835

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Webalizer versions 2.01 through 2.06

Description

A cross-site scripting issue allows remote attackers to inject arbitrary HTML tags into the system. This can be achieved by specifying the tags in search keywords embedded in HTTP referrer information or in host names retrieved via a reverse DNS lookup.

Recommendations

For Webalizer versions 2.01 through 2.06, consider restricting access to the referrer information and limiting the ability to inject arbitrary HTML tags in host names until a patch is available. As a temporary workaround, disabling the feature to display referrer information and host names may help minimize the risk of exploitation.
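
The issue described above comes down to untrusted log fields (referrer search keywords, reverse-DNS host names) reaching an HTML report unencoded. The following is an added example, not Webalizer's code or its patch: it shows output encoding and host name validation in C, with hypothetical function names and constructed sample inputs.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example; names are hypothetical, not Webalizer's. Escapes src for HTML
   text or a quoted attribute. Returns 0, or -1 if dst is too small. */
int html_escape(const char *src, char *dst, size_t dstlen) {
    size_t o = 0;
    if (dstlen == 0) return -1;
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = strlen(rep);
        if (o + n + 1 > dstlen) return -1;   /* never cut an entity in half */
        memcpy(dst + o, rep, n);
        o += n;
    }
    dst[o] = '\0';
    return 0;
}

/* A PTR record is attacker-controlled: accept only letters, digits, '-', '.'. */
int hostname_is_plain(const char *h) {
    size_t len = strlen(h);
    if (len == 0 || len > 253) return 0;
    for (size_t i = 0; i < len; i++)
        if (!isalnum((unsigned char)h[i]) && h[i] != '-' && h[i] != '.') return 0;
    return 1;
}

/* Host name for the report: a fixed label if validation fails, then escaped. */
int safe_host(const char *host, char *out, size_t outlen) {
    return html_escape(hostname_is_plain(host) ? host : "(invalid hostname)", out, outlen);
}

int main(void) {   /* constructed samples: markup in a keyword and in a PTR name */
    char kw[128], host[128];
    if (html_escape("<b>a&b</b>", kw, sizeof kw) || safe_host("x<i>.example.net", host, sizeof host))
        return 1;
    printf("<td>%s</td><td>%s</td>\n", kw, host);
    return 0;
}
```

The host name check rejects underscores and other characters seen in some real PTR names; widen the allow-list deliberately rather than dropping the escaping.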

Fix

Related identifiers

CVE-2001-0835

Affected products

Webalizer