CVE-2002-0771

ViewCVS 0.9.2 - Cross-Site Scripting via cvsroot or sortby Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0771. PoCs published by office.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in ViewCVS by injecting malicious script tags into URL parameters. The PoC provides example URLs that, when accessed, execute arbitrary JavaScript in the context of the target site.

Description

Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 allows remote attackers to inject script and steal cookies via the (1) cvsroot or (2) sortby parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by office · textwebappscgi

https://www.exploit-db.com/exploits/21473

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in ViewCVS by injecting malicious script tags into URL parameters. The PoC provides example URLs that, when accessed, execute arbitrary JavaScript in the context of the target site.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: ViewCVS (versions prior to fix for CVE-2002-0771)

No auth needed

Prerequisites: A target running vulnerable ViewCVS · Victim interaction to click malicious link

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Patch, Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/9112.php

Patch, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2002-05/0161.html

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/4818

Scores

EPSS 0.0723

EPSS Percentile 93.5%

Details

Status published

Products (4)

viewcvs/viewcvs 0.8

viewcvs/viewcvs 0.9

viewcvs/viewcvs 0.9.1

viewcvs/viewcvs 0.9.2

Published Aug 12, 2002

Tracked Since Feb 18, 2026