3 matches found
CVE-2005-4831
Removed by vendor...
CVE-2005-4831
The CVE-2005-4831 issue affects ViewCVS up to at least version 0.9.2, where the content-type parameter can be used to set the HTTP Content-Type header to arbitrary values. This can enable cross-site scripting (XSS) and related attacks (demonstrated with text/html, and with image/jpeg rendered as ...
CVE-2005-4831
viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting XSS and other attacks, as demonstrated using 1 "text/html", or 2 "image/jpeg" with an image that is rendered as HTML ...