10 matches found
Fedora 13 : viewvc-1.1.5-1.fc13 (2010-5805)
Full changelog: http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?revision=2359&view=markup&pathrev=HEAD - security fix: escape user-provided search_re input to avoid XSS attack. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
openSUSE Security Update : viewvc (openSUSE-SU-2010:0098-1)
CVS support got broken by the previous viewvc update for CVE-2010-0132. This release fixes that again. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update viewvc-2268. The text description of this...
openSUSE Security Update : viewvc (viewvc-2240)
The regular expression search feature didn't properly sanitize user input, therefore allowing attackers to conduct cross-site scripting (XSS) attacks (CVE-2010-0132). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSU...
Fedora Update for viewvc FEDORA-2010-5524
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CVE-2010-0132
Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-073...
CVE-2010-0132
CVE-2010-0132 is an XSS vulnerability in ViewVC where the regular expression search feature did not sanitize user input, allowing injected scripts via search_re inputs. The vulnerability affects multiple branches/versions: ViewVC 1.1.x before 1.1.5 and 1.0.x before 1.0.11 (initial description), a...
Secunia Research: ViewVC Regular Expression Search Cross-Site Scripting
Secunia Research 30/03/2010 - ViewVC Regular Expression Search Cross-Site Scripting - Table of Contents Affected...