CVE-2016-5835

WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in 1 revision.php, 2 log.php, 3 listing.php, and 4 comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a a file or b directory in a repository...

WebSVN 'path' 参数跨站脚本漏洞

Bugtraq ID: 51109 WebSVN是一个基于Web的Subversion Repository浏览器。 通过"path"参数传递给comp.php或revision.php脚本的输入在返回用户之前svnlook.php脚本中的"getLog"函数对此缺少过滤，可被利用进行跨站脚本攻击。 构建恶意URL，诱使用户解析，可获得敏感信息或劫持用户会话 0 WebSVN 2.3.2 WebSVN 2.1 WebSVN 2.0rc4 WebSVN 2.0 WebSVN 1.7 WebSVN 1.0 厂商解决方案 WebSVN 2.3.1及之后版本已经修复此漏洞，建议用户下载使用：...