Hi,
there is an XSS error in syntax.html of htdig.
You can reproduce it like this:
http://foo.bar/cgi-bin/htsearch?config=&restrict=&exclude=&method=and&format=builtin-long&sort=<script>alert("foo")</script>&words=foo
$(SYNTAXERROR) must be quoted by htdig before filling it in.
Greetings,
Michael
--
Michael Skibbe <ms...@su...>
Core Services
SUSE Linux Products GmbH GF: Markus Rex
Nuernberg, Germany HRB 16746 (AG Nuernberg)
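The fix the report asks for is to HTML-escape the value before it is substituted into the $(SYNTAXERROR) placeholder. The following is an added illustration of that mitigation, not htdig's own code: `html_escape` and a small `expand_template` stand-in for the template expansion are hypothetical, and the "Unknown sort method" message is a constructed example of a page that echoes a rejected parameter back to the user.

```cpp
#include <map>
#include <string>

// Escape the characters that can change meaning inside HTML text or
// attribute values, so untrusted input can neither close a tag nor open one.
std::string html_escape(const std::string &in) {
    std::string out;
    out.reserve(in.size());
    for (char c : in) {
        switch (c) {
            case '&':  out += "&amp;";  break;
            case '<':  out += "&lt;";   break;
            case '>':  out += "&gt;";   break;
            case '"':  out += "&quot;"; break;
            case '\'': out += "&#39;";  break;
            default:   out += c;
        }
    }
    return out;
}

// Hypothetical stand-in for the template expansion that fills $(NAME)
// placeholders such as $(SYNTAXERROR). Every substituted value is escaped
// on the way in, so the template itself never has to remember to do it.
std::string expand_template(const std::string &tmpl,
                            const std::map<std::string, std::string> &vars) {
    std::string out;
    std::string::size_type pos = 0;
    while (pos < tmpl.size()) {
        std::string::size_type start = tmpl.find("$(", pos);
        if (start == std::string::npos) { out += tmpl.substr(pos); break; }
        std::string::size_type end = tmpl.find(')', start);
        if (end == std::string::npos) { out += tmpl.substr(pos); break; }
        out += tmpl.substr(pos, start - pos);
        std::string name = tmpl.substr(start + 2, end - start - 2);
        auto it = vars.find(name);
        if (it != vars.end()) out += html_escape(it->second);
        // An unknown placeholder expands to nothing rather than to raw text.
        pos = end + 1;
    }
    return out;
}

// Render the error page for a rejected query parameter. The message text is
// a constructed example; the point is that the untrusted value is echoed
// back only through the escaping substitution above.
std::string render_syntax_error(const std::string &tmpl,
                                const std::string &sort_value) {
    std::map<std::string, std::string> vars;
    vars["SYNTAXERROR"] = "Unknown sort method: " + sort_value;
    return expand_template(tmpl, vars);
}
```

Escaping at the substitution point, rather than in each template, means a page such as syntax.html cannot reflect a script tag no matter which CGI parameter ends up in the message.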