ViewVC Regular Expression Search Cross Site Scripting Vulnerability

ViewVC is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and steal cookie-based authentication credentials. Other attacks are also possible. Versions prior to ViewVC 1.1.5 and 1.0.11 are vulnerable.
Updates are available. Please see the references for more information.