ViewCVS XSS Network Vulnerability

Summary

The remote host seems to be running ViewCVS, an open source CGI written in python designed to access CVS directories using a web interface. The remote version of this software is vulnerable to many cross-site scripting flaws though the script 'viewcvs'. Using a specially crafted URL, an attacker can cause arbitrary code execution for third party users, thus resulting in a loss of integrity of their system.

Solution

Update to the latest version of this software

References

http://viewcvs.sourceforge.net/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2002-0771
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
Apache Archiva Cross Site Request Forgery Vulnerability
7Media Web Solutions EduTrac Directory Traversal Vulnerability

Take action and discover your vulnerabilities