FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

htdig -- cross site scripting vulnerability

Affected packages
htdig < 3.2.0.b6_1

Details

VuXML ID 673aec6f-1cae-11da-bc01-000e0c2e438a
Discovery 2005-02-03
Entry 2005-09-04
Modified 2005-09-13

Michael Krax reports a vulnerability in htdig. The vulnerability lies in an unsanitized config parameter, which allows an attacker to execute arbitrary script code in the target's browser. This might allow the attacker to obtain the user's cookies associated with the site, including cookies used for authentication.

References

Bugtraq ID 12442
CVE Name CVE-2005-0085
URL http://www.securitytracker.com/alerts/2005/Feb/1013078.html