1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
Candidate: CVE-2011-5221
PublicDate: 2012-10-25
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5221
http://xforce.iss.net/xforce/xfdb/71888
http://www.securitytracker.com/id?1026438
http://websvn.tigris.org/issues/show_bug.cgi?id=275
http://st2tea.blogspot.com/2011/12/websvn-cross-site-scripting.html
http://secunia.com/advisories/47288
http://osvdb.org/77943
http://osvdb.org/77942
http://osvdb.org/77941
Description:
Cross-site scripting (XSS) vulnerability in the getLog function in
svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject
arbitrary web script or HTML via the path parameter to (1) comp.php, (2)
diff.php, or (3) revision.php.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_websvn:
upstream_websvn: released (2.3.1)
hardy_websvn: ignored (reached end-of-life)
lucid_websvn: ignored (reached end-of-life)
natty_websvn: not-affected (2.3.2-1)
oneiric_websvn: not-affected
precise_websvn: not-affected
quantal_websvn: not-affected
raring_websvn: not-affected
saucy_websvn: not-affected
devel_websvn: not-affected
|