Veracode Vulnerability DatabaseVERACODE:23195Cross-Site Scripting (XSS)
0.008 Low
EPSS
Percentile
81.1%
htdig is vulnerable to cross-site scripting. A cross-site scripting flaw was discovered in a htdig search page. An attacker could construct a carefully crafted URL, which once visited by an unsuspecting user, could cause a user’s Web browser to execute malicious script in the context of the visited htdig search Web page.
| CPE | Name | Operator | Version |
|---|---|---|---|
| htdig | eq | 3.2.0b6__3.40.2.rhel4 | |
| htdig | eq | 3.2.0b6__9.el5 | |
| htdig | eq | 3.2.0b6__3.40.2.rhel4 | |
| htdig | eq | 3.2.0b6__9.el5 |
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=453278
secunia.com/advisories/27850
secunia.com/advisories/27890
secunia.com/advisories/27965
secunia.com/advisories/28062
securitytracker.com/id?1019010
sourceforge.net/mailarchive/forum.php?thread_name=200709251310.55835.mskibbe%40suse.de&forum_name=htdig-dev
www.debian.org/security/2007/dsa-1429
www.novell.com/linux/security/advisories/2007_25_sr.html
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2007-1095.html
www.securityfocus.com/bid/26610
www.vupen.com/english/advisories/2007/4038
access.redhat.com/errata/RHSA-2007:1095
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11515
www.redhat.com/archives/fedora-package-announce/2007-December/msg00116.html
Related
