Gitweb <= - Cross Site Scripting

ID SSV:70397
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.

                                                >-8 Description 8-<
Cross-site scripting (XSS) vulnerability in Gitweb and previous versions
allows remote attackers to inject arbitrary web script or HTML code via f and fp variables.

>-8 Proof Of Concept 8-<
[XSS] => "><body onload="alert('xss')"> <a

>-8 Credits 8-<
Emanuele 'emgent' Gentili <>

>-8 Responsible Disclosure 8-<

13-12-2010	Initial contact with upstream and vendor-sec
13-12-2010	Vendor Response and CVE-2010-3906 assignation
15-12-2010	Public Disclosure