Vulnerability Details CVE-2008-5918
Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.081
EPSS Ranking 91.7%
CVSS Severity
CVSS v2 Score 4.3
References
- http://secunia.com/advisories/32338
- http://secunia.com/advisories/34191
- http://securityreason.com/securityalert/4928
- http://websvn.tigris.org/issues/show_bug.cgi?id=179
- http://websvn.tigris.org/servlets/NewsItemView?newsItemID=2218
- http://www.gentoo.org/security/en/glsa/glsa-200903-20.xml
- http://www.gulftech.org/?node=research&article_id=00132-10202008
- http://www.securityfocus.com/bid/31891
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46048
- https://www.exploit-db.com/exploits/6822
- http://secunia.com/advisories/32338
- http://secunia.com/advisories/34191
- http://securityreason.com/securityalert/4928
- http://websvn.tigris.org/issues/show_bug.cgi?id=179
- http://websvn.tigris.org/servlets/NewsItemView?newsItemID=2218
- http://www.gentoo.org/security/en/glsa/glsa-200903-20.xml
- http://www.gulftech.org/?node=research&article_id=00132-10202008
- http://www.securityfocus.com/bid/31891
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46048
- https://www.exploit-db.com/exploits/6822
Products affected by CVE-2008-5918
-
cpe:2.3:a:tigris:websvn:*
-
cpe:2.3:a:tigris:websvn:1.00
-
cpe:2.3:a:tigris:websvn:1.01
-
cpe:2.3:a:tigris:websvn:1.02
-
cpe:2.3:a:tigris:websvn:1.03
-
cpe:2.3:a:tigris:websvn:1.04
-
cpe:2.3:a:tigris:websvn:1.10
-
cpe:2.3:a:tigris:websvn:1.20
-
cpe:2.3:a:tigris:websvn:1.31a
-
cpe:2.3:a:tigris:websvn:1.32
-
cpe:2.3:a:tigris:websvn:1.33
-
cpe:2.3:a:tigris:websvn:1.34
-
cpe:2.3:a:tigris:websvn:1.37
-
cpe:2.3:a:tigris:websvn:1.38
-
cpe:2.3:a:tigris:websvn:1.39
-
cpe:2.3:a:tigris:websvn:1.40
-
cpe:2.3:a:tigris:websvn:1.51
-
cpe:2.3:a:tigris:websvn:1.60
-
cpe:2.3:a:tigris:websvn:1.61
-
cpe:2.3:a:tigris:websvn:1.62