Skip to content

XSS vulnerability in nav_path template data #137

Closed
@cmpilato

Description

@cmpilato

ViewVC does not properly escape the names of versioned directories and files before making them available for use via its nav_path HTML template variables. These variables are used in ViewVC's default templates, and would likely be used in folks' customized templates, too. A user with commit privileges to the repository could introduce a versioned directory or file with a name that contains an executable script (e.g., <img src="#" onerror="alert(1)">), and the script would be evaluated upon a user's navigation (via web browser) to ViewVC's view of that directory or file.

Metadata

Metadata

Assignees

Labels

bugClear defects in the way ViewVC behaves

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions