From https://bugzilla.redhat.com/show_bug.cgi?id=871159 :
A new CleanXSS() function was added  to awstats' awredir.pl cgi script and is part of the 7.1
release . The additional function aims to clean strings of HTML tags so as to avoid XSS flaws.
It doesn't indicate whether or not it was possible to actually inject arbitrary HTML into these
strings or whether this was just a hardening mechanism, however this would be applicable to all
currently supported versions of awstats.
And obviously there is no new version, they just re-released 7.1 as usual.
Sigh, on it.
Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown
impact and attack vectors.
Diego / web-apps: ok to stabilize?
(Thanks for the fast bump, Diego.)
Yes okay to stabilize, been using it since the bump and it's okay. Just the usual fixes I suppose.
(In reply to comment #4)
> Yes okay to stabilize, been using it since the bump and it's okay. Just the
> usual fixes I suppose.
Arches, please test and mark stable =www-misc/awstats-7.1_p20121017
Stable for HPPA.
Closing noglsa for XSS only.