ViewVC Regular Expression Search Cross Site Scripting Vulnerability Network Vulnerability

Summary

ViewVC is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and steal cookie-based authentication credentials. Other attacks are also possible. Versions prior to ViewVC 1.1.5 and 1.0.11 are vulnerable.

Solution

Updates are available. Please see the references for more information.

References

http://secunia.com/secunia_research/2010-26/
http://viewvc.org/
http://viewvc.tigris.org/
http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD
http://www.securityfocus.com/bid/39053

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0132

CVSS	Base Score: 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N

Related Vulnerabilities

OneOrZero AIMS 'index.php' Cross Site Scripting Vulnerability
CgiMail.exe vulnerability
arachni (NASL wrapper)
Firefox Information Disclosure Vulnerability Jan09 (Win)
phpShop 'page' Parameter Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities