icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

ViewVC < 1.0.11 / 1.1.5 Regex Search Cross-Site Scripting Vulnerability

Medium

Synopsis

The remote web server is vulnerable to multiple attack vectors.

Description

The remote web server is running ViewVC, a web-based interface for CVS and Subversion. The installed version of ViewVC is earlier than 1.0.11 or 1.1.5. Such versions are potentially affected by a cross-site scripting vulnerability because the application fails to properly sanitize user supplied data to the regular expression search feature.

Solution

Upgrade to ViewVC 1.0.11, 1.1.5, or later.