2 matches found
CVE-2005-4830
Removed by vendor...
CVE-2005-4831
viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting XSS and other attacks, as demonstrated using 1 "text/html", or 2 "image/jpeg" with an image that is rendered as HTML ...