Vulnonym.org

CVE-2005-0085 - Can do Common Frog

Description

Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter which is not properly sanitized before it is displayed in an error message.

Reference

http://www.debian.org/security/2005/dsa-680 http://www.securityfocus.com/bid/12442 http://www.gentoo.org/security/en/glsa/glsa-200502-16.xml http://www.redhat.com/support/errata/RHSA-2005-073.html http://securitytracker.com/id?1013078 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.46/SCOSA-2005.46.txt http://secunia.com/advisories/14255 http://secunia.com/advisories/17414 http://secunia.com/advisories/17415 http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00002.html http://secunia.com/advisories/14276 http://secunia.com/advisories/14303 http://secunia.com/advisories/14795 http://secunia.com/advisories/15007 http://www.redhat.com/support/errata/RHSA-2005-090.html http://www.mandriva.com/security/advisories?name=MDKSA-2005:063 https://exchange.xforce.ibmcloud.com/vulnerabilities/19223 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10878