[arch-security] [ASA-201608-11] websvn: cross-site scripting
rgacogne at archlinux.org
Thu Aug 11 11:11:22 UTC 2016
Arch Linux Security Advisory ASA-201608-11
Date : 2016-08-11
CVE-ID : CVE-2016-1236
Package : websvn
Type : cross-site scripting
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package websvn before version 2.3.3-7 is vulnerable to several
cross-site scripting issues.
Upgrade to 2.3.3-7.
# pacman -Syu "websvn>=2.3.3-7"
The problem has not been fixed upstream yet.
Multiple cross-site scripting (XSS) vulnerabilities in revision.php,
log.php, listing.php, and comp.php in WebSVN allow context-dependent
attackers to inject arbitrary web script or HTML via the name of a file
or directory in a repository.
browser by creating a file or a directory with a specially crafted name
in a SVN repository.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: OpenPGP digital signature
More information about the arch-security