Problem:
All versions of the the Webinator 4 search script released before December 19, 2002 contain a cross-site scripting vulnerability. Affected versions are 4.0 through through 4.0.6 and 4.1 through 4.2.3. Version 4.0.7, and 4.2.4+ released on or after December 19, 2002 fix the problem.
For more details about cross-site scripting vulnerabilities and potential impact see CERT Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests.
Diagnosis:
Find out if you're affected by one of the 2 methods below:
Fix (2 different options):
Locating your search script:
If you don't know where your Webinator search script resides on your disk.
Assuming a standard install...
The search script resides in the webinator subdirectory
of your web document directory. Examples: c:\inetpub\wwwroot\webinator ,
/var/www/html.
For Windows versions later than July 2002 the search script resides
in the Texis\Scripts\Webinator of your installation directory. The
default installation directory is
Compiling the new or modified script(s):
The search script will recompile itself the next time you use it.
If you have problems for some reason you may also compile it by hand from
a command/shell prompt. Change directory (cd) to the directory
containing the search script. Compile it with:
INSTALLDIR/texis -C search
where INSTALLDIR is your Webinator installation directory.