Summary: | <www-apps/viewvc-1.1.5: XSS attack (CVE-2010-0132) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tobias Heinlein (RETIRED) <keytoaster> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Tobias Heinlein (RETIRED)
2010-03-30 18:38:01 UTC
Arches, please test and mark stable: =www-apps/viewvc-1.1.5 Target keywords : "amd64 ppc sparc x86" x86 stable sparc stable CVE-2010-0132 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0132): Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736. CVE-2010-0132 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0132): Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736. ppc done amd64 stable, all arches done. XSS in webapps → NO. Closing. |