ViewVC 'lib/viewvc.py' Cross Site Scripting Vulnerability

Summary
ViewVC is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and steal cookie-based authentication credentials. Other attacks are also possible. Versions prior to ViewVC 1.1.4 and 1.0.10 are vulnerable.
Solution
Vendor updates are available. Please see the references for details.
References