CVSTrac < 1.1.5 Multiple XSS

This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.

Synopsis :

A web application running on the remote host has multiple cross-site
scripting vulnerabilities.

Description :

The remote host seems to be running CVSTrac, a web-based bug and
patch-set tracking system for CVS.

According to its version number, the remote installation of CVSTrac
has multiple cross-site scripting flaws. A remote attacker could
exploit this by tricking a user into requesting a malicious URL, which
would result in the execution of arbitrary script code as that user.

See also :

Solution :

Upgrade to CVSTrac 1.1.5 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 16000 (cvstrac_unspecified_xss.nasl)

Bugtraq ID: 12017

CVE ID: CVE-2004-1146