XSS in Git
CVE-2010-3906
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.135 (94.4th percentile)
Affected products
- Git — versions 1.6.2.3, 0.99.9n, 1.5.1.4
- Git-scm Git — versions 0.03, 0.01, 0.02
References
- 43457 (x_refsource_SECUNIA, third-party-advisory)
- 42645 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- FEDORA-2010-18981 (x_refsource_FEDORA, vendor-advisory)
- 42731 (x_refsource_SECUNIA, third-party-advisory)
- ADV-2010-3323 (vdb-entry, x_refsource_VUPEN)
- RHSA-2010:1003 (x_refsource_REDHAT, vendor-advisory)
- ADV-2011-0010 (vdb-entry, x_refsource_VUPEN)
- 42743 (x_refsource_SECUNIA, third-party-advisory)
- 15744 (Exploit, exploit, x_refsource_EXPLOIT-DB)
- SUSE-SR:2011:004 (vendor-advisory, x_refsource_SUSE)