Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 allow remote malicious users to inject arbitrary HTML and web script via certain error messages.
viewcvs viewcvs 0.9.2