ViewVC Regular Expression Search Cross Site Scripting Vulnerability Network Vulnerability

Summary

ViewVC is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and steal cookie-based authentication credentials. Other attacks are also possible. Versions prior to ViewVC 1.1.5 and 1.0.11 are vulnerable.

Solution

Updates are available. Please see the references for more information.

References

http://secunia.com/secunia_research/2010-26/
http://viewvc.org/
http://viewvc.tigris.org/
http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD
http://www.securityfocus.com/bid/39053

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0132
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Multiple ZyWALL USG Products Remote Security Bypass Vulnerability
phpMyFAQ 'index.php' Cross Site Scripting Vulnerability
OTRS move_into Restriction Bypass Vulnerability
Mantis 'manage_proj_cat_add.php' HTML Injection Vulnerability
Packeteer Web Management Interface Login

Take action and discover your vulnerabilities