{"id":"CVE-2004-1318","details":"Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab (\"%09\") character, which prevents the rest of the query from being properly sanitized.","modified":"2026-04-10T03:36:35.642780Z","published":"2005-01-06T05:00:00Z","references":[{"type":"ADVISORY","url":"http://jvn.jp/jp/JVN%23904429FE.html"},{"type":"ADVISORY","url":"http://secunia.com/advisories/13600"},{"type":"ADVISORY","url":"http://www.debian.org/security/2005/dsa-627"},{"type":"ADVISORY","url":"http://www.namazu.org/security.html.en#xss-tab"},{"type":"ADVISORY","url":"http://www.novell.com/linux/security/advisories/2005_01_sr.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/advisories/9028"},{"type":"FIX","url":"http://www.namazu.org/security.html.en#xss-tab"},{"type":"WEB","url":"http://securitytracker.com/alerts/2005/Jan/1012802.html"},{"type":"WEB","url":"http://securitytracker.com/alerts/2005/Jan/1012805.html"},{"type":"WEB","url":"http://www.linuxsecurity.com/content/view/117604/102/"},{"type":"WEB","url":"http://www.osvdb.org/12516"},{"type":"WEB","url":"http://www.securityfocus.com/bid/12053"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/18623"}],"schema_version":"1.7.5"}