ViewVC 'lib/viewvc.py' Cross Site Scripting Vulnerability Network Vulnerability

Summary

ViewVC is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and steal cookie-based authentication credentials. Other attacks are also possible. Versions prior to ViewVC 1.1.4 and 1.0.10 are vulnerable.

Solution

Vendor updates are available. Please see the references for details.

References

http://viewvc.tigris.org/
http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD
http://www.securityfocus.com/bid/38650

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0736

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat Information Disclosure Vulnerability
Adobe ColdFusion Unspecified Information Disclosure Vulnerability
@Mail WebMail Email Body HTML Injection Vulnerability
7Media Web Solutions EduTrac Directory Traversal Vulnerability
Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities