DHT shell with -x option
(owdhtshell -x command)
of versions of Overlay Weaver are vulnerable to
a cross-site scripting attack.
Overlay Weaver versions from 0.5.9 to 0.5.11
has a cross-site scripting vulnerability.
If a DHT shell is invoked with -x option,
it presents a web page with node information and
input forms to accept put, get and remove operations on a DHT.
In that case, the DHT shell is vulnerable to a cross-site scripting attack.
The victim will be presented with information
which the DHT shell did not wish their visitors to be subjected.
This could be used to "sniff"
sensitive data from within web pages
served by a web server running on the same host on which DHT shell running.
This issue is resolved in Overlay Weaver 0.6.
Use the version or later.
Or, do not specify -x option to owdhtshell command
if you use versions from 0.5.9 to 0.5.11.