WatchMouse keeps watch for the latest security news and vulnerability reports. Check here on a regular basis for updates or sign up using the form on the right to receive our security news updates via email.
View a full list of the most recent vulnerabilities here.
View a full list of the most recent vulnerabilities here.
ViewVC 'lib/viewvc.py' Cross Site Scripting Vulnerability
|
15 Mar 2010 |
| ViewVC is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and steal cookie-based authentication credentials. Other attacks are also possible. Versions prior to ViewVC 1.1.4 and 1.0.10 are vulnerable. |
|
| Securityfocus.com | |
