CVE-2005-4830
- EPSS 2.1%
- Veröffentlicht 31.12.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:19:31
CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the content-type parameter.
CVE-2005-4831
- EPSS 1.08%
- Veröffentlicht 31.12.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:19:32
viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other attacks, as demonstrated using (1) "text/html", or (2)...
- EPSS 1.29%
- Veröffentlicht 10.01.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:06:39
Multiple unknown vulnerabilities in viewcvs before 0.9.2, when exporting a repository as a tar archive, does not properly implement the hide_cvsroot and forbidden settings, which could allow remote attackers to gain sensitive information.
CVE-2004-1062
- EPSS 1.24%
- Veröffentlicht 28.12.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:06:56
Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 allow remote attackers to inject arbitrary HTML and web script via certain error messages.
CVE-2002-0771
- EPSS 7.24%
- Veröffentlicht 12.08.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:58:06
Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 allows remote attackers to inject script and steal cookies via the (1) cvsroot or (2) sortby parameters.