Create an account

Subscribe to LWN

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Weekly edition	Kernel	Security	Distributions	Contact Us	Search
Archives	Calendar	Subscribe	Write for LWN	LWN.net FAQ	Sponsors

viewvc: cross-site scripting

Package(s):

viewvc

CVE #(s):

Created:

March 16, 2010

Updated:

April 5, 2010

Description:

From the viewvc changelog:

Version 1.1.4 security fix: escape user-provided query form input to avoid XSS attack.

Alerts:

Fedora	FEDORA-2010-5507	2010-04-01
Fedora	FEDORA-2010-5524	2010-04-01
Fedora	FEDORA-2010-4326	2010-03-12
Fedora	FEDORA-2010-4295	2010-03-12

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds