CVE-2008-1168
EPSS 0.79%
Description
Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
How to fix CVE-2008-1168
To remediate CVE-2008-1168, upgrade the affected package to a fixed version below.
- Debian/sarg—upgrade to 2.2.5-1 or later
Is CVE-2008-1168 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.2.5-1