CVE-2007-6110
Published 2007-11-23
CVE-2007-6110: Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.
Priority P4 · 21 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 4.39% (90.1th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | htdig | < htdig 1:3.2.0b6-4 (bookworm) | htdig 1:3.2.0b6-4 (bookworm) |
| htdig | htdig | — | — |
| htdig | htdig | >= 0 < 1:3.2.0b6-4 | 1:3.2.0b6-4 |
| htdig | htdig | >= 0 < 1:3.2.0b6-4 | 1:3.2.0b6-4 |
| htdig | htdig | >= 0 < 1:3.2.0b6-4 | 1:3.2.0b6-4 |
| htdig | htdig | >= 0 < 1:3.2.0b6-4 | 1:3.2.0b6-4 |
CVSS provenance
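| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | | 4.3 | MEDIUM | |
| vendor_debian | | 4.3 | LOW | |
| vendor_redhat | | 4.3 | MEDIUM | |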
Red Hat
htdig htsearch XSS vulnerability
vendor_redhat·2007-09-25·CVSS 4.3
CVE-2007-6110 [MEDIUM] CWE-79 htdig htsearch XSS vulnerability
Debian
CVE-2007-6110: htdig - Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows rem...
vendor_debian·2007·CVSS 4.3
CVE-2007-6110 [MEDIUM] CVE-2007-6110: htdig - Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows rem...
Scope: local
bookworm: resolved (fixed in 1:3.2.0b6-4)
bullseye: resolved (fixed in 1:3.2.0b6-4)
forky: resolved (fixed in 1:3.2.0b6-4)
sid: resolved (fixed in 1:3.2.0b6-4)
trixie: resolved (fixed in 1:3.2.0b6-4)
GHSA
GHSA-fj22-9wc7-hq3h: Cross-site scripting (XSS) vulnerability in htsearch in htdig 3
ghsa_unreviewed·2022-05-01
CVE-2007-6110 [MEDIUM] CWE-79 GHSA-fj22-9wc7-hq3h: Cross-site scripting (XSS) vulnerability in htsearch in htdig 3
OSV
CVE-2007-6110: Cross-site scripting (XSS) vulnerability in htsearch in htdig 3
osv·2007-11-23·CVSS 4.3
CVE-2007-6110 [MEDIUM] CVE-2007-6110: Cross-site scripting (XSS) vulnerability in htsearch in htdig 3
No detection rules found.
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453278
http://secunia.com/advisories/27850
http://secunia.com/advisories/27890
http://secunia.com/advisories/27965
http://secunia.com/advisories/28062
http://securitytracker.com/id?1019010
http://sourceforge.net/mailarchive/forum.php?thread_name=200709251310.55835.mskibbe%40suse.de&forum_name=htdig-dev
http://www.debian.org/security/2007/dsa-1429
http://www.novell.com/linux/security/advisories/2007_25_sr.html
http://www.redhat.com/support/errata/RHSA-2007-1095.html
http://www.securityfocus.com/bid/26610
http://www.vupen.com/english/advisories/2007/4038
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11515
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00116.html
Published: 2007-11-23