FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

websvn -- reflected cross-site scripting

Affected packages
websvn < 2.3.3_1

Details

VuXML ID: 12d1b5a6-e39d-11e5-9f77-5453ed2e2b49
Discovery: 2016-02-22
Entry: 2016-03-06

Sebastien Delafond reports:

Jakub Palaczynski discovered that websvn, a web viewer for Subversion repositories, does not correctly sanitize user-supplied input, which allows a remote user to run reflected cross-site scripting attacks.

References

CVE Name: CVE-2016-2511
URL: http://seclists.org/fulldisclosure/2016/Feb/99
URL: https://lists.debian.org/debian-security-announce/2016/msg00060.html