Description
Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 allows remote attackers to inject script and steal cookies via the (1) cvsroot or (2) sortby parameters.
Exploits (1)
References (3)
Core 3
Core References
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9112.php
Patch, Vendor Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-05/0161.html
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4818
Scores
EPSS
0.0822
EPSS Percentile
92.2%
Details
Status
published
Products (4)
viewcvs/viewcvs
0.8
viewcvs/viewcvs
0.9
viewcvs/viewcvs
0.9.1
viewcvs/viewcvs
0.9.2
Published
Aug 12, 2002
Tracked Since
Feb 18, 2026