Lucene search

[email protected]CVE-2007-6110

HistoryNov 23, 2007 - 8:46 p.m.

CVE-2007-6110

2007-11-2320:46:00

CWE-79

[email protected]

web.nvd.nist.gov

htsearch

htdig

xss

vulnerability

web script

html

sort parameter

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.3 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.1%

JSON

Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.

Affected configurations

NVD

Node

htdightdigMatch3.2.0b6

CPENameOperatorVersion
htdig:htdightdigeq3.2.0b6

CPE	Name	Operator	Version
htdig:htdig	htdig	eq	3.2.0b6

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=453278

secunia.com/advisories/27850

secunia.com/advisories/27890

secunia.com/advisories/27965

secunia.com/advisories/28062

securitytracker.com/id?1019010

sourceforge.net/mailarchive/forum.php?thread_name=200709251310.55835.mskibbe%40suse.de&forum_name=htdig-dev

www.debian.org/security/2007/dsa-1429

www.novell.com/linux/security/advisories/2007_25_sr.html

www.redhat.com/support/errata/RHSA-2007-1095.html

www.securityfocus.com/bid/26610

www.vupen.com/english/advisories/2007/4038

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11515

www.redhat.com/archives/fedora-package-announce/2007-December/msg00116.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.3 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.1%

JSON

Related for CVE-2007-6110

oraclelinux1 nessus10 debian1 fedora3 openvas11 cvelist1 veracode1 redhat1 ubuntucve1 nvd1 centos1 securityvulns1 osv1 prion1 debiancve1