Mandriva Linux Security Advisory 2009-266 – awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site this issue exists because of an incomplete fix for CVE-2008-3714. This update fixes this vulnerability.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/81923/MDVSA-2009-266.txt
Source: https://packetstormsecurity.com/files/81923/Mandriva-Linux-Security-Advisory-2009-266.html