Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 allows remote malicious users to inject script and steal cookies via the (1) cvsroot or (2) sortby parameters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
viewcvs viewcvs 0.8 |
||
viewcvs viewcvs 0.9.1 |
||
viewcvs viewcvs 0.9 |
||
viewcvs viewcvs 0.9.2 |