Red Hat Bugzilla – Bug 144261
CAN-2005-0085 XSS vulnerability in htdig 3.2.0b6
Last modified: 2015-03-04 20:14:36 EST
*** This bug has been split off bug 144127 ***
------- Original comment by Dave Miller on 2005.01.04 13:46 -------
Description of problem:
HTML metacharacters included in the config= parameter to htsearch are
displayed unmodified in the error message returned by htdig.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
you get an alertbox that says "foo" in it.
You shouldn't get an alert box.
This error was reported to firstname.lastname@example.org by email@example.com
Removing embargo - This issue was leaked public early by SUSE.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
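The flaw class described in the original comment, as an added example (not code from htdig or from this bug report): a CGI handler decodes the `config=` value and reflects it in an error page, first unmodified and then with HTML metacharacters escaped at output time. The function names, the error message wording, and the sample query string are assumptions made for illustration.

```cpp
#include <cctype>
#include <iostream>
#include <string>
// Percent-decode one CGI query value ('+' decodes to a space).
std::string url_decode(const std::string &in) {
    std::string out;
    for (std::size_t i = 0; i < in.size(); ++i) {
        bool hex = in[i] == '%' && i + 2 < in.size() &&
                   std::isxdigit((unsigned char)in[i + 1]) && std::isxdigit((unsigned char)in[i + 2]);
        if (hex) { out += (char)std::stoi(in.substr(i + 1, 2), nullptr, 16); i += 2; }
        else out += (in[i] == '+') ? ' ' : in[i];
    }
    return out;
}

// Return the decoded value of `name` from a query string, or "" if absent.
std::string get_param(const std::string &query, const std::string &name) {
    for (std::size_t pos = 0; pos <= query.size();) {
        std::size_t end = query.find('&', pos);
        if (end == std::string::npos) end = query.size();
        std::string pair = query.substr(pos, end - pos);
        if (pair.compare(0, name.size() + 1, name + "=") == 0) return url_decode(pair.substr(name.size() + 1));
        pos = end + 1;
    }
    return "";
}

// Escape HTML metacharacters so the browser renders the value as text, not markup.
std::string html_escape(const std::string &in) {
    std::string out;
    for (char c : in) {
        if (c == '&') out += "&amp;";
        else if (c == '<') out += "&lt;";
        else if (c == '>') out += "&gt;";
        else if (c == '"') out += "&quot;";
        else if (c == '\'') out += "&#39;";
        else out += c;
    }
    return out;
}

// Hypothetical error page; escape=false reproduces the reported behaviour.
std::string error_page(const std::string &config, bool escape) {
    return "<p>Unable to read configuration file '" + (escape ? html_escape(config) : config) + "'</p>";
}

int main() {  // constructed request: config=<script>alert("foo")</script>
    std::string q = "config=%3Cscript%3Ealert(%22foo%22)%3C%2Fscript%3E&words=test";
    std::cout << error_page(get_param(q, "config"), true) << "\n";
}
```

Escaping is applied where the value is written into HTML, after decoding, so the same decoded value can still be used safely for other purposes such as file lookup checks.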