QwikSec

Security Database

CVE

CWE

Training

CVE-2009-3618

Published: Nov 10, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained from third party information.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

FEDORA-2009-8501

vendor-advisory

x_refsource_FEDORA

FEDORA-2009-8507

vendor-advisory

x_refsource_FEDORA

vdb-entry

x_refsource_OSVDB

[oss-security] 20091016 Re: viewvc: CVE request: XSS and illegal characters while printing name-value pairs

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

viewvc-view-xss(52430)

vdb-entry

x_refsource_XF

http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.2/CHANGES?revision=2235&pathrev=HEAD

x_refsource_CONFIRM

SUSE-SR:2009:017

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.