CVE-2006-5442
- Source
- https://cve.org/CVERecord?id=CVE-2006-5442
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2006-5442.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2006-5442
- Withdrawn
- 2024-06-30T15:57:10.273816Z
- Published
- 2006-10-21T00:07:00Z
- Modified
- 2024-06-04T04:00:19Z
- Summary
- [none]
- Details
-
ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 encoded JavaScript code via a view.
- References
-
- http://secunia.com/advisories/22395
- http://www.hardened-php.net/advisory_102006.134.html
- http://securityreason.com/securityalert/1755
- http://viewvc.tigris.org/servlets/ReadMsg?list=announce&msgNo=5&raw=true
- http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD
- http://www.securityfocus.com/archive/1/448762/100/0/threaded
- http://www.securityfocus.com/bid/20543
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29576
Affected packages
Debian:10 / viewvc
Package
- Name
- viewvc
- Purl
- pkg:deb/debian/viewvc?arch=source