4 matches found
Fedora 14 : cgit-0.9.0.2-2.fc14 (2011-9588)
This update fixes a potential XSS vulnerability. A malicious user would need push access to the git server in order to exploit this issue. Refer to the cgit mailing list for : Numerous minor bugs are also fixed. For details, refer to the upstream release announcements for 0.9.0.1 and 0.9.0.2...
Fedora 15 : cgit-0.9.0.2-2.fc15 (2011-9589)
This update fixes a potential XSS vulnerability. A malicious user would need push access to the git server in order to exploit this issue. Refer to the cgit mailing list for : Numerous minor bugs are also fixed. For details, refer to the upstream release announcements for 0.9.0.1 and 0.9.0.2...
CVE-2011-2711
Cross-site scripting (XSS) vulnerability in the print_fileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint...
CVE-2011-2711
CVE-2011-2711 affects cgit ≤0.9.0.2: XSS in print_fileinfo (ui-diff.c) allows remote authenticated users to inject script/HTML via the filename in a rename hint. Documented across multiple sources (SUSE/Fedora updates) indicating patches exist in cgit upgrades (e.g., OpenSUSE/SU-2011:0891-1, Fedo...