Description
ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 encoded JavaScript code via a view.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to and including 1.0.2
cpe:2.3:a:viewvc:viewvc:*:*:*:*:*:*:*:*
EPSS
Percentile: 79%
0.01464
Low
6.8 Medium
CVSS2
Weaknesses
NVD-CWE-Other
Related vulnerabilities
debian
about 19 years ago
ViewVC 1.0.2 and earlier does not specify a charset in its HTTP header ...
github
more than 3 years ago
ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 encoded JavaScript code via a view.