From: Michael S. <ms...@su...> - 2007-09-25 11:11:07

Hi,

there is an XSS error in syntax.html of htdig. You can reproduce it like this:

http://foo.bar/cgi-bin/htsearch?config=&restrict=&exclude=&method=and&format=builtin-long&sort=<script>alert("foo")</script>&words=foo

$(SYNTAXERROR) must be quoted by htdig before filling it in.

greetings
Michael

--
Michael Skibbe <ms...@su...>
Core Services
SUSE Linux Products GmbH
GF: Markus Rex
Nuernberg, Germany
HRB 16746 (AG Nuernberg)