Cross-Site Scripting Vulnerability in ViewVC by Tigris.org
CVE-2010-0736

Currently unrated

Key Information:

Vendor

Viewvc

Status
Viewvc
Vendor
CVE Published:
19 March 2010

What is CVE-2010-0736?

A cross-site scripting (XSS) vulnerability exists in the view_queryform function of lib/viewvc.py within ViewVC, prior to version 1.0.10 and in the 1.1.x branch before 1.1.4. This vulnerability allows remote attackers to inject malicious web scripts or HTML into the application through user-supplied input, which can lead to further security risks such as session hijacking or unauthorized access. Promptly updating to the latest versions is recommended to mitigate this security issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://viewvc.tigris.org/source/browse/viewvc?view=rev&re...
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2010/03/16/14
mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2010/03/10/8
mailing-listx_refsource_MLIST

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.