CVE-2005-0085
NONE EPSS 80.9%
Published Apr 27, 200521y ago · Modified Jun 16, 20262w ago
Published Apr 27, 2005 21y ago
Last Modified Jun 16, 2026 2w ago
Description
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
Threat Intelligence
EPSS Exploit Probability
80.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 27
| Vendor | Product | Version | Range |
|---|---|---|---|
| htdig | htdig | 3.1.5 | any |
| htdig | htdig | 3.1.5_7 | any |
| htdig | htdig | 3.1.5_8 | any |
| htdig | htdig | 3.1.6 | any |
| htdig | htdig | 3.2.0 | any |
| htdig | htdig | 3.2.0b2 | any |
| htdig | htdig | 3.2.0b3 | any |
| htdig | htdig | 3.2.0b4 | any |
| htdig | htdig | 3.2.0b5 | any |
| htdig | htdig | 3.2.0b6 | any |
| mandrakesoft | mandrake_linux | 10.0 | any |
| mandrakesoft | mandrake_linux | 10.0 | any |
| mandrakesoft | mandrake_linux | 10.1 | any |
| mandrakesoft | mandrake_linux | 10.1 | any |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 | any |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 | any |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 | any |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 | any |
| redhat | fedora_core | core_3.0 | any |
| suse | suse_linux | 8.0 | any |
| suse | suse_linux | 8.0 | any |
| suse | suse_linux | 8.1 | any |
| suse | suse_linux | 8.2 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.1 | any |
| suse | suse_linux | 9.2 | any |
References 18
- ftp.sco.com ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.46/SCOSA-2005.46.txt
- secunia.com http://secunia.com/advisories/14255
- secunia.com http://secunia.com/advisories/14276
- secunia.com http://secunia.com/advisories/14303
- secunia.com http://secunia.com/advisories/14795
- secunia.com http://secunia.com/advisories/15007
- secunia.com http://secunia.com/advisories/17414
- secunia.com http://secunia.com/advisories/17415
- securitytracker.com http://securitytracker.com/id?1013078
- debian.org http://www.debian.org/security/2005/dsa-680
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200502-16.xml
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:063
- redhat.com http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00002.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-073.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-090.html
- securityfocus.com http://www.securityfocus.com/bid/12442
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/19223
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10878
Remediation
- debian.org http://www.debian.org/security/2005/dsa-680
- securityfocus.com http://www.securityfocus.com/bid/12442