|
|
Family: CGI abuses : XSS --> Category: attack
ViewCVS XSS Vulnerability Scan
Vulnerability Scan Summary
Checks for the version of ViewCVS
Detailed Explanation for this Vulnerability Test
The remote host seems to be running ViewCVS, an open source CGI written in
python designed to access CVS directories using a web interface.
The remote version of this software is vulnerable to many cross-site scripting
flaws though the script 'viewcvs'.
Using a specially crafted URL, a possible hacker can cause arbitrary code execution
for third party users, thus resulting in a loss of integrity of their system.
Solution : Update to the latest version of this software
See also: http://viewcvs.sourceforge.net/
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|
