ID de Prueba:	1.3.6.1.4.1.25623.1.0.100562
Categoría:	Web application abuses
Título:	ViewVC Regular Expression Search Cross Site Scripting Vulnerability
Resumen:	ViewVC is prone to a cross-site scripting vulnerability because the; application fails to sufficiently sanitize user-supplied data.
Descripción:	Summary: ViewVC is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data. Vulnerability Impact: An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and steal cookie-based authentication credentials. Other attacks are also possible. Affected Software/OS: Versions prior to ViewVC 1.1.5 and 1.0.11 are vulnerable. Solution: Updates are available. Please see the references for more information. CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0132 Bugtraq: 20100330 Secunia Research: ViewVC Regular Expression Search Cross-Site Scripting (Google Search) http://www.securityfocus.com/archive/1/510408/100/0/threaded http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038420.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038456.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038925.html http://secunia.com/secunia_research/2010-26/ http://secunia.com/advisories/38918 SuSE Security Announcement: SUSE-SR:2010:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html http://www.vupen.com/english/advisories/2010/0743 http://www.vupen.com/english/advisories/2010/0844
Copyright	Copyright (C) 2010 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.