VULHUB ™

ViewCVS is prone to a cross-site scripting vulnerability. A remote attacker could take advantage of this issue by constructing a malicious link to a site running the vulnerable software that include embedded hostile HTML and script code. If this link is visited by a victim user, the attacker-supplied code may be rendered in their browser in the context of the site. This could permit theft of cookie-based authentication credentials or other attacks.

ViewCVS is prone to a cross-site scripting vulnerability. A remote attacker could take advantage of this issue by constructing a malicious link to a site running the vulnerable software that include embedded hostile HTML and script code. If this link is visited by a victim user, the attacker-supplied code may be rendered in their browser in the context of the site. This could permit theft of cookie-based authentication credentials or other attacks.