6 matches found
openSUSE Security Update : viewvc (viewvc-2147)
Query forms didn't escape user provided input, therefore allowing cross-site-scripting XSS attacks. CVE-2010-0736 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Upda...
openSUSE Security Update : viewvc (viewvc-2147)
Query forms didn't escape user provided input, therefore allowing cross-site-scripting XSS attacks. CVE-2010-0736 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Upda...
CVE-2010-0736
Cross-site scripting XSS vulnerability in the viewqueryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input."...
CVE-2010-0736
Cross-site scripting XSS vulnerability in the viewqueryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input."...
CVE-2010-0736
The CVE-2010-0736 issue affects ViewVC where the view_queryform function in lib/viewvc.py is vulnerable to XSS via user-provided input. Affected ranges are ViewVC prior to 1.0.10 and 1.1.x prior to 1.1.4. The vulnerability allows remote attackers to inject arbitrary script/HTML and is confirmed a...
CVE-2010-0736
Removed by vendor...