CVSTrac < 1.1.5 Multiple XSS

This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.


Synopsis :

A web application running on the remote host has multiple cross-site
scripting vulnerabilities.

Description :

The remote host seems to be running CVSTrac, a web-based bug and
patch-set tracking system for CVS.

According to its version number, the remote installation of CVSTrac
has multiple cross-site scripting flaws. A remote attacker could
exploit this by tricking a user into requesting a malicious URL, which
would result in the execution of arbitrary script code as that user.

See also :

http://www.cvstrac.org/cvstrac/chngview?cn=320
http://www.cvstrac.org/cvstrac/chngview?cn=321

Solution :

Upgrade to CVSTrac 1.1.5 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 16000 (cvstrac_unspecified_xss.nasl)

Bugtraq ID: 12017

CVE ID: CVE-2004-1146