Cross-Site Scripting Vulnerability in ViewVC by Tigris.org
CVE-2006-5442

Currently unrated

Key Information:

Vendor

Viewvc

Status
Viewvc
Vendor
CVE Published:
21 October 2006

What is CVE-2006-5442?

ViewVC versions 1.0.2 and earlier are susceptible to a Cross-Site Scripting (XSS) vulnerability due to the absence of charset specifications in HTTP headers and HTML documents. This oversight enables attackers to inject arbitrary UTF-7 encoded JavaScript code through crafted views, potentially leading to harmful interactions with users and exposing sensitive information. Users of ViewVC are advised to update to version 1.0.3 or later to mitigate this security risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/archive/1/448762/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://viewvc.tigris.org/servlets/ReadMsg?list=announce&m...
mailing-listx_refsource_MLIST
http://www.hardened-php.net/advisory_102006.134.html
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.