Ht://Dig Htsearch.cgi XSS Network Vulnerability

Summary

The 'htsearch' CGI, which is part of the ht://Dig package, is vulnerable to cross-site scripting attacks, throught 'words' variable. With a specially crafted URL, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution

Upgrade to a newer when available

Severity

Classification

CVE CVE-2002-2010

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat NIO Connector Denial of Service Vulnerability
Adobe ColdFusion HTTP Response Splitting Vulnerability
Admidio get_file.php Remote File Disclosure Vulnerability
Adobe ColdFusion Multiple Path Disclosure Vulnerabilities
123 Flash Chat Multiple Security Vulnerabilities

ht://Dig htsearch.cgi XSS

Take action and discover your vulnerabilities