ViewCVS XSS Network Vulnerability

Summary

The remote host seems to be running ViewCVS, an open source CGI written in python designed to access CVS directories using a web interface. The remote version of this software is vulnerable to many cross-site scripting flaws though the script 'viewcvs'. Using a specially crafted URL, an attacker can cause arbitrary code execution for third party users, thus resulting in a loss of integrity of their system.

Solution

Update to the latest version of this software

References

http://viewcvs.sourceforge.net/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2002-0771

CVSS	Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N

Related Vulnerabilities

AMSI 'file' Parameter Directory Traversal Vulnerability
Afian 'includer.php' Directory Traversal Vulnerability
Apache Rave User Information Disclosure Vulnerability
/cgi-bin directory browsable ?
Apache Tomcat SecurityConstraints Security Bypass Vulnerability

Take action and discover your vulnerabilities