ID OPENVAS:136141256231015706 Type openvas Reporter Copyright (C) 2004 David Maciejak Modified 2020-05-06T00:00:00
Description
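The 'htsearch' CGI, which is part of the ht://Dig package, is vulnerable to cross-site scripting attacks through the 'words' variable.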
###############################################################################
# OpenVAS Vulnerability Test
#
# ht://Dig htsearch.cgi XSS
#
# Authors:
# David Maciejak <david dot maciejak at kyxar dot fr>
#
# Copyright:
# Copyright (C) 2004 David Maciejak
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Ref: Howard Yeend <h_bugtraq@yahoo.com>
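# Metadata registration: runs only when the scanner loads the script in
# description mode, registers the tags below and exits without touching the target.
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.15706");
  script_version("2020-05-06T06:57:16+0000");
  script_tag(name:"last_modification", value:"2020-05-06 06:57:16 +0000 (Wed, 06 May 2020)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_cve_id("CVE-2002-2010");
  script_bugtraq_id(5091);
  script_xref(name:"OSVDB", value:"7590");
  # CVSS v2 vector: network reachable, medium complexity, partial integrity impact only.
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_name("ht://Dig htsearch.cgi XSS");
  # ACT_ATTACK: the check sends a crafted request to the target instead of
  # reading a banner or version string.
  script_category(ACT_ATTACK);
  script_copyright("Copyright (C) 2004 David Maciejak");
  script_family("Web application abuses");
  script_dependencies("find_service.nasl", "no404.nasl", "webmirror.nasl", "DDI_Directory_Scanner.nasl", "cross_site_scripting.nasl", "global_settings.nasl");
  script_require_ports("Services/www", 80);
  script_exclude_keys("Settings/disable_cgi_scanning");

  # NOTE(review): no fixed release is named here and solution_type below is
  # "VendorFix" - confirm which ht://Dig release, if any, carries the fix.
  script_tag(name:"solution", value:"Upgrade to a newer version when available");

  # The impact is script execution in the browser of a user who follows the
  # crafted link, not code execution on the web server.
  script_tag(name:"summary", value:"The 'htsearch' CGI, which is part of the ht://Dig package,
  is vulnerable to cross-site scripting attacks
  through the 'words' variable.

  With a specially crafted URL, an attacker can cause arbitrary
  script code to be executed in the browser of a user who follows
  the URL, resulting in a loss of integrity.");

  script_tag(name:"qod", value:"50"); # No extra check, prone to false positives and doesn't match existing qod_types
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}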
include("http_func.inc");
include("http_keepalive.inc");
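# Active check for the reflected XSS in htsearch.cgi (CVE-2002-2010):
# request the CGI with an inert marker in 'words' and look for the marker
# coming back unescaped in the response.
port = http_get_port( default:80 );
host = http_host_name( dont_add_port:TRUE );

# Stop early when the host is already flagged as reflecting input on any URL
# (presumably recorded by cross_site_scripting.nasl, a listed dependency);
# a match on such a host would say nothing about htsearch.cgi itself.
if( http_get_has_generic_xss( port:port, host:host ) ) exit( 0 );

foreach dir( make_list_unique( "/", http_cgi_dirs( port:port ) ) ) {

  # The web root is probed as "" so the URL does not start with "//".
  if( dir == "/" ) dir = "";
  url = string( dir, "/htsearch.cgi?words=%22%3E%3Cscript%3Efoo%3C%2Fscript%3E" );

  # check_header:TRUE limits matches to HTTP 200 responses, so an error page
  # that merely echoes the requested URL is not reported as a finding.
  # The pattern only proves unescaped reflection of the marker; there is no
  # ht://Dig-specific fingerprint, which is why the QoD stays at 50.
  if( http_vuln_check( port:port, url:url, pattern:"<script>foo</script>", check_header:TRUE ) ) {
    report = http_report_vuln_url( port:port, url:url );
    security_message( port:port, data:report );
    exit( 0 );
  }
}

# No probed directory reflected the marker.
exit( 99 );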
{"id": "OPENVAS:136141256231015706", "type": "openvas", "bulletinFamily": "scanner", "title": "ht://Dig htsearch.cgi XSS", "description": "The ", "published": "2005-11-03T00:00:00", "modified": "2020-05-06T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231015706", "reporter": "Copyright (C) 2004 David Maciejak", "references": ["7590"], "cvelist": ["CVE-2002-2010"], "lastseen": "2020-05-08T16:40:14", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-7590", "CVE-2002-2010", "CVE-2015-7590", "CVE-2014-7590", "CVE-2016-7590", "CVE-2019-7590", "CVE-2018-7590"]}, {"type": "nessus", "idList": ["HTDIG_XSS.NASL"]}, {"type": "xssed", "idList": ["XSSED:7590"]}, {"type": "zdt", "idList": ["1337DAY-ID-7590"]}, {"type": "osvdb", "idList": ["OSVDB:7590"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7590", "SECURITYVULNS:DOC:7590"]}, {"type": "seebug", "idList": ["SSV:7590"]}], "modified": "2020-05-08T16:40:14", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2020-05-08T16:40:14", "rev": 2}, "vulnersScore": 5.6}, "pluginID": "136141256231015706", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ht://Dig htsearch.cgi XSS\n#\n# Authors:\n# David Maciejak <david dot maciejak at kyxar dot fr>\n#\n# Copyright:\n# Copyright (C) 2004 David Maciejak\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\n# Ref: Howard Yeend <h_bugtraq@yahoo.com>\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.15706\");\n script_version(\"2020-05-06T06:57:16+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-06 06:57:16 +0000 (Wed, 06 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_cve_id(\"CVE-2002-2010\");\n script_bugtraq_id(5091);\n script_xref(name:\"OSVDB\", value:\"7590\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"ht://Dig htsearch.cgi XSS\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2004 David Maciejak\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"no404.nasl\", \"webmirror.nasl\", \"DDI_Directory_Scanner.nasl\", \"cross_site_scripting.nasl\", \"global_settings.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n script_tag(name:\"solution\", value:\"Upgrade to a newer when available\");\n\n script_tag(name:\"summary\", value:\"The 'htsearch' CGI, which is part of the ht://Dig package,\n is vulnerable to cross-site scripting attacks,\n through 'words' variable.\n\n With a specially crafted URL, an attacker can cause arbitrary\n code execution resulting in a loss of integrity.\");\n\n script_tag(name:\"qod\", value:\"50\"); # No extra check, prone to false positives and doesn't match existing qod_types\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n 
exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = http_get_port( default:80 );\nhost = http_host_name( dont_add_port:TRUE );\nif( http_get_has_generic_xss( port:port, host:host ) ) exit( 0 );\n\nforeach dir( make_list_unique( \"/\", http_cgi_dirs( port:port ) ) ) {\n\n if( dir == \"/\" ) dir = \"\";\n url = string( dir, \"/htsearch.cgi?words=%22%3E%3Cscript%3Efoo%3C%2Fscript%3E\" );\n\n if( http_vuln_check( port:port, url:url, pattern:\"<script>foo</script>\" ) ) {\n report = http_report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n", "naslFamily": "Web application abuses"}
{"cve": [{"lastseen": "2020-10-03T11:37:01", "description": "Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig (ht://Dig) 3.1.5, 3.1.6, and 3.2 allows remote attackers to inject arbitrary web script or HTML via the words parameter.", "edition": 3, "cvss3": {}, "published": "2002-12-31T05:00:00", "title": "CVE-2002-2010", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2002-2010"], "modified": "2008-09-05T20:32:00", "cpe": ["cpe:/a:htdig:htdig:3.1.5", "cpe:/a:htdig:htdig:3.2.0", "cpe:/a:htdig:htdig:3.2.0b3", "cpe:/a:htdig:htdig:3.1.6"], "id": "CVE-2002-2010", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-2010", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:htdig:htdig:3.2.0b3:*:*:*:*:*:*:*", "cpe:2.3:a:htdig:htdig:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:htdig:htdig:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:htdig:htdig:3.1.5:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-20T11:32:39", "description": "The 'htsearch' CGI, which is part of the ht://Dig package, is\nvulnerable to cross-site scripting attacks, through the 'words'\nvariable.\n\nWith a specially crafted URL, an attacker can cause arbitrary code\nexecution resulting in a loss of integrity.", "edition": 20, "published": "2004-11-13T00:00:00", "title": "ht://Dig htsearch.cgi words Parameter XSS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-2010"], "modified": "2004-11-13T00:00:00", "cpe": [], "id": "HTDIG_XSS.NASL", 
"href": "https://www.tenable.com/plugins/nessus/15706", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15706);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2002-2010\");\n script_bugtraq_id(5091);\n\n script_name(english:\"ht://Dig htsearch.cgi words Parameter XSS\");\n script_summary(english:\"Checks if ht://Dig is vulnerable to XSS flaw in htsearch.cgi\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote contains a search engine that is affected by a cross-site\nscripting vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The 'htsearch' CGI, which is part of the ht://Dig package, is\nvulnerable to cross-site scripting attacks, through the 'words'\nvariable.\n\nWith a specially crafted URL, an attacker can cause arbitrary code\nexecution resulting in a loss of integrity.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2002/Jun/327\");\n script_set_attribute(attribute:\"solution\", value:\"There is no known solution at this time.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:U/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2002/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/11/13\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"CGI abuses : XSS\");\n\n script_dependencie(\"cross_site_scripting.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_http_port(default:80, embedded:TRUE);\nif ( ! port ) exit(0);\nif ( get_kb_item(\"www/\" + port + \"/generic_xss\") ) exit(0);\n\nif(get_port_state(port))\n{\n foreach dir (cgi_dirs())\n {\n \tbuf = http_get(item:string(dir,\"/htsearch.cgi?words=%22%3E%3Cscript%3Efoo%3C%2Fscript%3E\"), port:port);\n \tr = http_keepalive_send_recv(port:port, data:buf, bodyonly:1);\n \tif( r == NULL )exit(0);\n \tif(egrep(pattern:\"<script>foo</script>\", string:r))\n \t{\n \t\tsecurity_warning(port);\n\t\tset_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n\t \texit(0);\n \t}\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}