ht://dig htsearch sort Parameter XSS

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.

Synopsis :

The remote web server contains a CGI script affected by a cross-site
scripting vulnerability.

Description :

The htsearch CGI script is accessible through the remote web server.
htsearch is a component of ht://Dig used to index and search documents
such as web pages.

The version of htsearch installed on the remote host fails to sanitize
user-supplied input to the 'sort' parameter before using it to
generate dynamic output. An unauthenticated, remote attacker may be
able to leverage this issue to inject arbitrary HTML or script code
into a user's browser to be executed within the security context of
the affected site.
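The description above says the 'sort' value is reflected into the page without sanitization. As an added example that is not part of the Nessus plugin or of ht://Dig, the following Python helper reviews Apache combined-format access logs for htsearch requests whose 'sort' parameter carries HTML or script markup; the log lines, client addresses and the markup pattern are constructed for illustration.

```python
"""Flag htsearch requests whose 'sort' parameter carries HTML markup.

Added example, not part of ht://Dig or the Nessus plugin. Log lines are
constructed samples in Apache combined format, not real traffic.
"""
import re
from html import unescape
from urllib.parse import parse_qs, unquote, urlsplit

# Apache combined log: client, timestamp, "METHOD path HTTP/x", status, bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Heuristic: tag openers, event-handler attributes, javascript: URLs
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z]|on[a-z]+\s*=|javascript:", re.IGNORECASE)

def sort_values(request_path: str) -> list[str]:
    """Return the decoded 'sort' values of an htsearch request, else []."""
    parts = urlsplit(request_path)
    if not parts.path.endswith("htsearch"):
        return []
    values = parse_qs(parts.query, keep_blank_values=True).get("sort", [])
    # parse_qs decodes once; decode again to see through double encoding
    return [unquote(v) for v in values]

def is_suspicious_sort(value: str) -> bool:
    """True if the sort value contains tag-like or script-like markup."""
    # Also check the entity-decoded form so '&lt;script&gt;' is not missed
    return bool(MARKUP_RE.search(value) or MARKUP_RE.search(unescape(value)))

def flag_lines(lines) -> list[tuple[str, str]]:
    """Return (client_ip, sort_value) for each suspicious htsearch request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _method, path, _status = m.groups()
        for v in sort_values(path):
            if is_suspicious_sort(v):
                hits.append((client, v))
    return hits

# Constructed sample log lines: a benign sort key, an injected one, noise
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Nov/2007:10:00:00 +0000] "GET /cgi-bin/htsearch?words=dig&sort=score HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Nov/2007:10:00:05 +0000] "GET /cgi-bin/htsearch?words=dig&sort=%3Cscript%3E1%3C%2Fscript%3E HTTP/1.1" 200 5200',
    '203.0.113.4 - - [10/Nov/2007:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 1024',
]
```

Running `flag_lines(SAMPLE_LOG)` reports only the second request; the regex is a heuristic, so review hits rather than blocking on them automatically.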

See also :

Solution :

Unknown at this time.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 28334 (htsearch_sort_xss.nasl)

Bugtraq ID: 26610

CVE ID: CVE-2007-6110
