Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:24801
HistorySep 27, 2010 - 12:00 a.m.

CollabNet Subversion Edge Log Parser XSS/Code Injection Vulnerability

2010-09-2700:00:00
vulners.com
45
JSON

CollabNet Subversion Edge Log Parser XSS/Code Injection Vulnerability

Discovery Date: Sep 10, 2010
Risk: Important
Description:

There is a Cross Site Script (XSS) vulnerability that exists in CollabNet
Subversion Edge 1.2 and prior versions. This said vulnerability can be
exploited by sending a crafted request to the CollabNet Subversion. server.
When an administrator tries to view the log file then this XSS Code will get
executed.

More information on this can be found on the following pages:
hxxps://ctf.open.collab.net/sf/sfmain/do/go/artf5016?returnUrlKey=1284577592506

Patch Information:
More information on the patch can be found in the following page:
https://ctf.open.collab.net/sf/wiki/do/viewPage/projects.svnedge/wiki/Release_1.2.1

Discovered by: Sumit Kumar Soni, Trend Micro
Email: [email protected]
For More info
http://voidroot.blogspot.com/2010/09/collabnet-subversion-edge-log-parser.html
http://threatinfo.trendmicro.com/vinfo/secadvisories/default6.asp?VName=CollabNet%20Subversion%20Edge%20Log%20Parser%20XSS/Code%20Injection%20Vulnerability

Regards
Sumit

JSON