Bug#453278: CVE-2007-6110: XSS in htsearch

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#453278: CVE-2007-6110: XSS in htsearch
From: Steffen Joeris <steffen.joeris@skolelinux.de>
Date: Wed, 28 Nov 2007 20:48:16 +1100
Message-id: <[🔎] 20071128094816.6963.37977.reportbug@hannah.debian.org>
Reply-to: Steffen Joeris <steffen.joeris@skolelinux.de>, 453278@bugs.debian.org

Package: htdig
Version: 1:3.2.0b6-3.1
Severity: important
Tags: security

Hi

The following CVE[0] has been issued against htdig.

CVE-2007-6110:

Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6
allows remote attackers to inject arbitrary web script or HTML via the
sort parameter.

Please mention the CVE id number in your changelog, when you fix the
problem.

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6110

Reply to:

Prev by Date: I in thumbnail
Next by Date: her reluctant
Previous by thread: I in thumbnail
Next by thread: her reluctant
Index(es):
- Date
- Thread