CollabNet Subversion Edge Log Parser XSS/Code Injection Vulnerability
Publish Date: 04 February 2011
Severity: High
Advisory Date: 04 February 2011
Description
A cross-site scripting (XSS) vulnerability exists in CollabNet Subversion Edge 1.2 and prior versions. It can be exploited by sending a crafted request to CollabNet Subversion. When an administrator then views the log file, the injected XSS code is executed.
More information on this can be found on the following page:
https://ctf.open.collab.net/sf/sfmain/do/go/artf5016?returnUrlKey=1284577592506
Discovered by: Sumit Kumar Soni, Trend Micro
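The class of flaw described above, request text written to a log and later rendered in an HTML log viewer, shown as an added example that is not CollabNet's code. The log format, the sample lines and the function names are all assumptions made for illustration.

```python
import html

# Constructed sample: access-log lines as a log viewer might read them from disk.
# The second line carries markup in the request path, i.e. text chosen by the
# requester that reached the log through an ordinary HTTP request.
SAMPLE_LOG = [
    '10.0.0.5 - - [04/Feb/2011:10:00:01] "GET /svn/repo/trunk HTTP/1.1" 200',
    '10.0.0.9 - - [04/Feb/2011:10:00:07] "GET /svn/<script>alert(1)</script> HTTP/1.1" 404',
]


def render_log_unsafe(lines):
    """Vulnerable pattern: log text is concatenated into the page as-is."""
    return "<pre>" + "\n".join(lines) + "</pre>"


def render_log_safe(lines):
    """Hardened pattern: every log line is HTML-encoded before output,
    so markup stored in the log is displayed as text, not interpreted."""
    encoded = (html.escape(line, quote=True) for line in lines)
    return "<pre>" + "\n".join(encoded) + "</pre>"


def contains_active_markup(page):
    """Check used by this demo: did a raw <script> tag survive rendering?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print("unsafe viewer keeps raw tag:",
          contains_active_markup(render_log_unsafe(SAMPLE_LOG)))
    print("safe viewer keeps raw tag:  ",
          contains_active_markup(render_log_safe(SAMPLE_LOG)))
```

Encoding at output time matters here because the log file itself is untrusted input: anything a client can put in a request can end up in it.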
Trend Micro Solutions
More information on the patch can be found on the following page:
https://ctf.open.collab.net/sf/wiki/do/viewPage/projects.svnedge/wiki/Release_1.2.1
Affected Software and Version:
- CollabNet Subversion Edge 1.2 and prior versions