CVE-2007-3056

Websvn < 2.0rc4 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter.

References (9)

[Issue Tracking] http://bugs.gentoo.org/show_bug.cgi?id=180879

[Vendor Advisory] http://secunia.com/advisories/25532

[Various Sources] http://websvn.tigris.org/servlets/ReadMsg?list=dev&msgNo=1328

[Third Party Advisory] http://www.attrition.org/pipermail/vim/2007-August/001771.html

[Various Sources] http://www.nabble.com/CVE-2007-3056-tf4246678.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/34726

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/24310

[Third Party Advisory, VDB Entry] http://osvdb.org/36409

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1018601

Scores

EPSS 0.0079

EPSS Percentile 73.7%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

websvn/websvn < 2.0rc4

Timeline

Published Jun 06, 2007

Tracked Since Feb 18, 2026