[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-3906Date: (C)2010-12-17   (M)2023-12-22


Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1024905
EXPLOIT-DB-15744
SECUNIA-42645
SECUNIA-42731
SECUNIA-42743
SECUNIA-43457
BID-45439
ADV-2010-3323
ADV-2011-0010
ADV-2011-0464
FEDORA-2010-18973
FEDORA-2010-18981
MDVSA-2010:256
RHSA-2010:1003
SUSE-SR:2011:004

CPE    3
cpe:/a:git-scm:git:0.7.0
cpe:/a:git-scm:git:0.6.0
cpe:/a:git-scm:git:0.5
CWE    1
CWE-79
OVAL    5
oval:org.secpod.oval:def:100116
oval:org.secpod.oval:def:1503229
oval:org.secpod.oval:def:500354
oval:org.secpod.oval:def:300346
...

© SecPod Technologies