
ViewCVS Source View Input Validation Vulnerability

ViewCVS is prone to an input-validation vulnerability.

This issue resides in the script that allows users to view source files (viewcvs.py). The software fails to sufficiently sanitize input supplied through URI parameters, allowing an attacker to launch cross-site scripting and HTTP-response-splitting attacks.

Exploitation could allow the attacker to steal cookie-based authentication credentials and launch other attacks.

This issue appears similar to BID 9291.
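
The two sinks named above, a response header and the HTML body, need different handling of a URI parameter. The following is an added example, not ViewCVS code or its fix; the parameter names `content-type` and `file`, the MIME allowlist pattern and the sample query strings are assumptions made for illustration.

```python
import html
import re
from urllib.parse import parse_qs

# Assumed allowlist shape: a bare MIME type such as "text/plain".
# CR, LF, spaces and markup characters are outside the character class.
_MIME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.+-]*/[A-Za-z0-9][A-Za-z0-9.+-]*")
DEFAULT_TYPE = "text/plain"


def safe_header_value(raw):
    """Return raw only if it is a plain MIME type, else the default.

    fullmatch() rejects CR/LF anywhere in the value, so the parameter
    cannot end the header line and start a new header or a second response.
    """
    return raw if _MIME_RE.fullmatch(raw) else DEFAULT_TYPE


def build_response(query_string):
    """Build (headers, body) for a source-view request from its query string."""
    params = parse_qs(query_string, keep_blank_values=True)
    # "content-type" and "file" are hypothetical parameter names.
    ctype = safe_header_value(params.get("content-type", [DEFAULT_TYPE])[0])
    filename = params.get("file", [""])[0]
    headers = [("Content-Type", ctype)]
    # Escape at the HTML sink so markup in the parameter renders as text.
    body = "<h1>Source of {}</h1>".format(html.escape(filename, quote=True))
    return headers, body


# Constructed inputs: one ordinary request, one carrying CR/LF and markup.
BENIGN = "content-type=text/x-python&file=viewcvs.py"
HOSTILE = ("content-type=text/html%0d%0aSet-Cookie:%20x=1"
           "&file=%3Cscript%3Ealert(1)%3C/script%3E")

if __name__ == "__main__":
    for qs in (BENIGN, HOSTILE):
        print(build_response(qs))
```

Validation against an allowlist is used for the header because escaping has no safe meaning there, while output encoding is used for the body so that legitimate file names containing special characters still display.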







 

Copyright 2009, SecurityFocus