First published: Wed Nov 23 2011(Updated: )
A cross-site scripting flaw was found in the way Namazu, a full-text search engine, performed CGI parameters sanitization when processing HTTP cookies. If namazu was configured as a CGI script (WWW search engine), a remote attacker could provide a specially-crafted web page, which once processed by the engine could lead to arbitrary HTML or web script execution or allow an adversary to discover the value of HTTP cookie. References: [1] <a href="http://www.namazu.org/#news">http://www.namazu.org/#news</a> [2] <a href="http://www.namazu.org/security.html.en">http://www.namazu.org/security.html.en</a>
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Namazu Namazu | <=2.0.20 | |
Namazu Namazu | =2.0 | |
Namazu Namazu | =2.0.2 | |
Namazu Namazu | =2.0.12 | |
Namazu Namazu | =2.0.13 | |
Namazu Namazu | =2.0.14 | |
Namazu Namazu | =2.0.15 | |
Namazu Namazu | =2.0.16 | |
Namazu Namazu | =2.0.17 | |
Namazu Namazu | =2.0.18 | |
Namazu Namazu | =2.0.19 | |
Microsoft Internet Explorer | =6 | |
Microsoft Internet Explorer | =7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.