Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbOfficeEDB-ID:21473
HistoryMay 24, 2002 - 12:00 a.m.

ViewCVS 0.9.2 - Cross-Site Scripting

2002-05-2400:00:00
office
www.exploit-db.com
15

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/4818/info

ViewCVS does not filter HTML tags from certain URL parameters, making it prone to cross-site scripting attacks.

An attacker may exploit this by constructing a malicious link with script code to a site running ViewCVS and sending it to a legitimate user of the site. When the legitimate user follows the link, the attacker's script code is executed in their web client in the security context of the website running ViewCVS. 

http://target/cgi-bin/viewcvs.cgi/viewcvs/?cvsroot=<script>alert("hello")</script>

http://target/cgi-bin/viewcvs.cgi/viewcvs/viewcvs/?sortby=rev"><script>alert("hello")</script>

Related

nessus 1
cvelist 1
nvd 1
cve 1
openvas 1
nessus
nessus
ViewCVS viewcvs.cgi Multiple Parameter XSS
2004-09-27 00:00:00
cvelist
cvelist
CVE-2002-0771
2002-07-26 04:00:00
nvd
nvd
CVE-2002-0771
2002-08-12 04:00:00
cve
cve
CVE-2002-0771
2002-08-12 04:00:00
openvas
openvas
ViewCVS XSS
2005-11-03 00:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:21473
nessus1cvelist1nvd1cve1openvas1