CVE-2010-3906 – gitWeb 1.7.3.3 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2010-3906

Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Gitweb v1.7.3.3 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los parámetros (1) f y (2) fp. • https://www.exploit-db.com/exploits/15744 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052518.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052782.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html http://secunia.com/advisories/42645 http://secunia.com/advisories/42731 http://secunia.com/advisories/42743 http://secunia.com/advisories/43457 http://www.exploit-db.com/exploits/15744 http://www.mandriva.com/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •