Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736.

Full changelog:
http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r evision=2359&view=markup&pathrev=HEAD - security fix: escape user-provided search_re input to avoid XSS attack

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

CVS support got broken by the previous viewvc update for CVE-2010-0132. This release fixes that again.

The regular expression search feature didn't properly sanitize user input, therefore allowing attackers to conduct cross-site-scripting (XSS) attacks (CVE-2010-0132).

The remote web server is running ViewVC, a web-based interface for CVS and Subversion.  The installed version of ViewVC is earlier than 1.0.11 or 1.1.5.  Such versions are potentially affected by a cross-site scripting vulnerability because the application fails to properly sanitize user supplied data to the regular expression search feature.

The remote web server is hosting a version of ViewVC that is affected by a cross-site scripting vulnerability in the 'search' parameter of the 'viewvc.cgi' script.

An attacker, exploiting this flaw, could execute arbitrary script code in a user's browser.

Note that successful exploitation requires the regular expression search functionality to be enabled.  It is not by default.

ID	Name	Product	Family	Severity
47406	Fedora 13 : viewvc-1.1.5-1.fc13 (2010-5805)	Nessus	Fedora Local Security Checks	low
47396	Fedora 12 : viewvc-1.1.5-1.fc12 (2010-5524)	Nessus	Fedora Local Security Checks	low
47392	Fedora 11 : viewvc-1.1.5-1.fc11 (2010-5507)	Nessus	Fedora Local Security Checks	low
45482	openSUSE Security Update : viewvc (openSUSE-SU-2010:0098-1)	Nessus	SuSE Local Security Checks	low
45481	openSUSE Security Update : viewvc (openSUSE-SU-2010:0098-1)	Nessus	SuSE Local Security Checks	low
45470	openSUSE Security Update : viewvc (viewvc-2240)	Nessus	SuSE Local Security Checks	low
45464	openSUSE Security Update : viewvc (viewvc-2240)	Nessus	SuSE Local Security Checks	low
45458	openSUSE Security Update : viewvc (viewvc-2240)	Nessus	SuSE Local Security Checks	low
5501	ViewVC < 1.0.11 / 1.1.5 Regex Search Cross-Site Scripting Vulnerability	Nessus Network Monitor	CGI	medium
45406	ViewVC viewvc.cgi search Parameter XSS	Nessus	CGI abuses : XSS	low

Detections

Analytics

CVE-2010-0132

medium

Tenable Plugins

low

low

low

low

low

low

low

low

medium

low