Lucene search

[email protected]CVE-2007-6110

HistoryNov 23, 2007 - 8:46 p.m.

CVE-2007-6110

2007-11-2320:46:00

CWE-79

[email protected]

web.nvd.nist.gov

htsearch

htdig

xss

vulnerability

web script

html

sort parameter

5.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.0%

JSON

Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.

Affected configurations

NVD

Node

htdightdigMatch3.2.0b6

CPENameOperatorVersion
htdig:htdightdigeq3.2.0b6

CPE	Name	Operator	Version
htdig:htdig	htdig	eq	3.2.0b6

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=453278

secunia.com/advisories/27850

secunia.com/advisories/27890

secunia.com/advisories/27965

secunia.com/advisories/28062

securitytracker.com/id?1019010

sourceforge.net/mailarchive/forum.php?thread_name=200709251310.55835.mskibbe%40suse.de&forum_name=htdig-dev

www.debian.org/security/2007/dsa-1429

www.novell.com/linux/security/advisories/2007_25_sr.html

www.redhat.com/support/errata/RHSA-2007-1095.html

www.securityfocus.com/bid/26610

www.vupen.com/english/advisories/2007/4038

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11515

www.redhat.com/archives/fedora-package-announce/2007-December/msg00116.html

5.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.0%

JSON

Related for CVE-2007-6110

openvas11 veracode1 nessus10 fedora3 oraclelinux1 cvelist1 debian1 centos1 redhat1 nvd1 ubuntucve1 prion1 securityvulns1 osv1 debiancve1