Back to search
CVE-2005-4831
Published: Mar 3, 2007
Modified: Aug 8, 2024
PUBLISHED
Description
viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other attacks, as demonstrated using (1) "text/html", or (2) "image/jpeg" with an image that is rendered as HTML by Internet Explorer, a different vulnerability than CVE-2004-1062. NOTE: it was later reported that 0.9.4 is also affected.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20050101 Two Vulnerabilities in ViewCVS
mailing-list
x_refsource_FULLDISC
1017704
vdb-entry
x_refsource_SECTRACK
20070226 ViewCVS 0.9.4 issues
mailing-list
x_refsource_BUGTRAQ
12112
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now