Bug 144261 - CAN-2005-0085 XSS vulnerability in htdig 3.2.0b6
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: htdig
All Linux
Priority: medium, Severity: medium
Assigned To: Phil Knirsch
David Lawrence
Keywords: Security
Blocks: 142822
Reported: 2005-01-05 08:18 EST by Josh Bressers
Modified: 2015-03-04 20:14 EST

Doc Type: Bug Fix
Last Closed: 2005-02-15 05:20:10 EST
Description Josh Bressers 2005-01-05 08:18:29 EST
*** This bug has been split off bug 144127 ***

------- Original comment by Dave Miller on 2005.01.04 13:46 -------

Description of problem:
HTML metacharacters included in the config= parameter to htsearch are
displayed unmodified in the error message returned by htdig.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:
You get an alert box that says "foo" in it.

Expected results:
You shouldn't get an alert box.

Additional info:
This error was reported to webmaster@bugzilla.org by mikx@mikx.de
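
Added example, not part of the original report and not htdig's own code: a minimal C++ sketch of the defect class described above, where a request parameter is echoed into an HTML error page, shown beside the output-encoded form. The function names, the error message wording and the sample input are assumptions made for illustration.

```cpp
#include <iostream>
#include <string>

// Encode the five HTML metacharacters so the value renders as text, not markup.
std::string html_escape(const std::string &in) {
    std::string out;
    out.reserve(in.size());
    for (char c : in) {
        switch (c) {
            case '&':  out += "&amp;";  break;  // must be handled like any other
            case '<':  out += "&lt;";   break;
            case '>':  out += "&gt;";   break;
            case '"':  out += "&quot;"; break;
            case '\'': out += "&#39;";  break;
            default:   out += c;
        }
    }
    return out;
}

// 'Before' (hypothetical): the config= value is placed in the page unmodified,
// which is the behaviour the report describes.
std::string error_page_unescaped(const std::string &config) {
    return "<html><body><p>Unable to read configuration file '" + config +
           "'</p></body></html>";
}

// 'After' (hypothetical): the same message with the value encoded at output time.
std::string error_page_escaped(const std::string &config) {
    return "<html><body><p>Unable to read configuration file '" +
           html_escape(config) + "'</p></body></html>";
}

int main() {
    // Constructed sample value for the config= parameter.
    const std::string sample = "<i>foo</i> & \"bar\"";
    std::cout << error_page_unescaped(sample) << "\n"
              << error_page_escaped(sample) << "\n";
    return 0;
}
```

Encoding at the point of output keeps the error message informative while ensuring the browser treats the parameter value as text.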
Comment 4 Mark J. Cox (Product Security) 2005-02-04 03:54:16 EST
Removing embargo - This issue was leaked public early by SUSE.
Comment 5 Mark J. Cox (Product Security) 2005-02-15 05:20:10 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

