CVE-2008-5918 – WebSVN 2.0 - Cross-Site Scripting / File Handling / Code Execution
https://notcve.org/view.php?id=CVE-2008-5918
Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
• https://www.exploit-db.com/exploits/6822
• http://secunia.com/advisories/32338
• http://secunia.com/advisories/34191
• http://securityreason.com/securityalert/4928
• http://websvn.tigris.org/issues/show_bug.cgi?id=179
• http://websvn.tigris.org/servlets/NewsItemView?newsItemID=2218
• http://www.gentoo.org/security/en/glsa/glsa-200903-20.xml
• http://www.gulftech.org/?node=research&article_id=00132-10202008
• http://www.securityfocus.com/bid/31891
• https://exchange.xforce.ibmcloud.com/vulnerabilities&
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-3056
https://notcve.org/view.php?id=CVE-2007-3056
Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter.
• http://bugs.gentoo.org/show_bug.cgi?id=180879
• http://osvdb.org/36409
• http://secunia.com/advisories/25532
• http://securitytracker.com/id?1018601
• http://websvn.tigris.org/servlets/ReadMsg?list=dev&msgNo=1328
• http://www.attrition.org/pipermail/vim/2007-August/001771.html
• http://www.nabble.com/CVE-2007-3056-tf4246678.html
• http://www.securityfocus.com/bid/24310
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34726
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')