[htdig-dev] XSS error in syntax.html
From: Michael Skibbe <mskibbe@su...> - 2007-09-25 11:11
Hi,

there is an XSS error in syntax.html of htdig. You can reproduce this like this:

http://foo.bar/cgi-bin/htsearch?config=&restrict=&exclude=&method=and&format=builtin-long&sort=<script>alert("foo")</script>&words=foo

$(SYNTAXERROR) must be quoted by htdig before filling it in.

Greetings
Michael

--
Michael Skibbe <mskibbe@...>
Core Services
SUSE Linux Products GmbH
GF: Markus Rex
Nuernberg, Germany
HRB 16746 (AG Nuernberg)
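The quoting the report asks for, shown as an added example that is not part of the original message and is not ht://Dig's own code: a template expander that HTML-escapes every value before substituting it for `$(NAME)`. The function names `html_escape`, `expand_template` and `render_sample` are hypothetical, and the error-message text is constructed for the demonstration.

```cpp
#include <map>
#include <string>

// Hypothetical helper: escape the characters that are significant in HTML
// text and in quoted attribute values.
std::string html_escape(const std::string &in) {
    std::string out;
    out.reserve(in.size());
    for (char c : in) {
        switch (c) {
            case '&':  out += "&amp;";  break;
            case '<':  out += "&lt;";   break;
            case '>':  out += "&gt;";   break;
            case '"':  out += "&quot;"; break;
            case '\'': out += "&#39;";  break;
            default:   out += c;
        }
    }
    return out;
}

// Hypothetical expander: replaces each $(NAME) with the escaped value.
// Unknown variables expand to nothing; an unterminated "$(" is copied as-is.
std::string expand_template(const std::string &tmpl,
                            const std::map<std::string, std::string> &vars) {
    std::string out;
    std::size_t pos = 0;
    while (pos < tmpl.size()) {
        std::size_t start = tmpl.find("$(", pos);
        if (start == std::string::npos) { out.append(tmpl, pos, std::string::npos); break; }
        std::size_t end = tmpl.find(')', start + 2);
        if (end == std::string::npos) { out.append(tmpl, pos, std::string::npos); break; }
        out.append(tmpl, pos, start - pos);            // literal text before the variable
        auto it = vars.find(tmpl.substr(start + 2, end - start - 2));
        if (it != vars.end()) out += html_escape(it->second);  // escape at output time
        pos = end + 1;
    }
    return out;
}

// Constructed sample: an error message echoing the sort= value from the report.
std::string render_sample() {
    std::map<std::string, std::string> vars = {
        {"SYNTAXERROR", "Unknown sort method: <script>alert(\"foo\")</script>"}};
    return expand_template("<p>Error: $(SYNTAXERROR)</p>", vars);
}
```

Escaping at substitution time, rather than when the parameter is parsed, keeps the raw value usable for matching while guaranteeing that nothing request-derived reaches the page unescaped.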