CVE-2018-1000998

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-1000998
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000998.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1000998
Downstream
Published
2019-02-04T21:29:00Z
Modified
2024-11-21T03:40:36Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. It might impact other sites on same domain. This attack appears to be exploitable via victim must load specially crafted url. This vulnerability appears to have been fixed in 3.x.

References

Affected packages

Debian:11 / cvsweb

Package

Name
cvsweb
Purl
pkg:deb/debian/cvsweb?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3:3.0.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / cvsweb

Package

Name
cvsweb
Purl
pkg:deb/debian/cvsweb?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3:3.0.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / cvsweb

Package

Name
cvsweb
Purl
pkg:deb/debian/cvsweb?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3:3.0.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}