3 matches found
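WebSVN 'path' Parameter Cross-Site Scripting Vulnerability
Bugtraq ID: 51109 WebSVN is a web-based Subversion repository browser. Input passed via the "path" parameter to the comp.php or revision.php scripts is not filtered by the "getLog" function in the svnlook.php script before being returned to the user, which can be exploited to conduct cross-site scripting attacks. By constructing a malicious URL and tricking a user into opening it, an attacker can obtain sensitive information or hijack the user's session. 0 WebSVN 2.3.2 WebSVN 2.1 WebSVN 2.0rc4 WebSVN 2.0 WebSVN 1.7 WebSVN 1.0 Vendor solution: WebSVN 2.3.1 and later versions have fixed this vulnerability; users are advised to download and use them:...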
CVE-2007-3056
CVE-2007-3056 affects WebSVN, specifically the filedetails.php component in WebSVN 2.0rc4 (and possibly earlier). The vulnerability is a cross-site scripting (XSS) issue that allows remote attackers to inject arbitrary web script or HTML via the path parameter. The provided connected documents co...
CVE-2007-3056
Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter...