Gitweb <= Cross Site Scripting

ID 1337DAY-ID-15194
Type zdt
Reporter emgent
Modified 2010-12-16T00:00:00


Exploit for cgi platform in category web applications

                                            >-8 Description 8-<
Cross-site scripting (XSS) vulnerability in Gitweb and previous versions
allows remote attackers to inject arbitrary web script or HTML code via f and fp variables.
>-8 Proof Of Concept 8-<
[XSS] => "><body onload="alert('xss')"> <a
>-8 Credits 8-<
Emanuele 'emgent' Gentili <[email protected]>
>-8 Responsible Disclosure 8-<
13-12-2010  Initial contact with upstream and vendor-sec
13-12-2010  Vendor Response and CVE-2010-3906 assignation
15-12-2010  Public Disclosure

# [2018-01-01]  #