This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.
The remote web server contains a CGI script affected by a cross-site
The htsearch CGI script is accessible through the remote web server.
htsearch is a component of ht://Dig used to index and search documents
such as web pages.
The version of htsearch installed on the remote host fails to sanitize
user-supplied input to the 'sort' parameter before using it to
generate dynamic output. An unauthenticated, remote attacker may be
able to leverage this issue to inject arbitrary HTML or script code
into a user's browser to be executed within the security context of
the affected site.
See also :
Unknown at this time.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true