CVE-2008-5918

WebSVN <2.0 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Exploits (1)

exploitdb WRITEUP VERIFIED

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/6822

View Code ZIP pw:eip

References (10)

Core 10

Core References

Patch x_refsource_confirm

http://websvn.tigris.org/servlets/NewsItemView?newsItemID=2218

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46048

Issue Tracking x_refsource_confirm

http://websvn.tigris.org/issues/show_bug.cgi?id=179

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/34191

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/6822

Third Party Advisory vendor-advisory x_refsource_gentoo

http://www.gentoo.org/security/en/glsa/glsa-200903-20.xml

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/31891

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/4928

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32338

Exploit x_refsource_misc

http://www.gulftech.org/?node=research&article_id=00132-10202008

Scores

EPSS 0.0861

EPSS Percentile 92.4%

Details

CWE

CWE-79

Status published

Products (20)

tigris/websvn 1.00

tigris/websvn 1.01

tigris/websvn 1.02

tigris/websvn 1.03

tigris/websvn 1.04

tigris/websvn 1.10

tigris/websvn 1.20

tigris/websvn 1.31a

tigris/websvn 1.32

tigris/websvn 1.33

... and 10 more

Published Jan 21, 2009

Tracked Since Feb 18, 2026