CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence: High
EPSS
Percentile: 83.1%
Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.
bugzilla.mozilla.org/attachment.cgi?id=95950&action=view
bugzilla.mozilla.org/attachment.cgi?id=95985&action=view
bugzilla.mozilla.org/show_bug.cgi?id=146244
bugzilla.mozilla.org/show_bug.cgi?id=163573
marc.info/?l=bugtraq&m=102980129101054&w=2
www.debian.org/security/2003/dsa-265
www.iss.net/security_center/static/9920.php
www.securityfocus.com/bid/5516