A cross-site scripting flaw was found in the way Namazu, a full-text search engine, performed CGI parameters sanitization when processing HTTP cookies. If namazu was configured as a CGI script (WWW search engine), a remote attacker could provide a specially-crafted web page, which once processed by the engine could lead to arbitrary HTML or web script execution or allow an adversary to discover the value of HTTP cookie.
This issue affects the version of the namazu package, as shipped with Fedora release of 14. Please schedule an update.
Created namazu tracking bugs for this issue
Affects: fedora-14 [bug 756350]
The CVE identifier of CVE-2011-4345 has been assigned to this issue: