ID de Prueba:	1.3.6.1.4.1.25623.1.0.806882
Categoría:	Web application abuses
Título:	WebSVN Cross site Scripting Vulnerability
Resumen:	WebSVN is prone to a cross-site scripting (XSS) vulnerability.
Descripción:	Summary: WebSVN is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw is due to - improper validation of 'path' parameter in 'log.php' file, 'revision.php', 'listing.php', and 'comp.php'. Vulnerability Impact: Successful exploitation will allow remote attackers to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Affected Software/OS: WebSVN 2.3.3 and probably earlier versions. Solution: As a workaround make the changes in the file 'include/setup.php' as mentioned in the advisory at the references. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-2511 Debian Security Information: DSA-3490 (Google Search) http://www.debian.org/security/2016/dsa-3490 http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179168.html http://seclists.org/fulldisclosure/2016/Feb/99 http://packetstormsecurity.com/files/135886/WebSVN-2.3.3-Cross-Site-Scripting.html Common Vulnerability Exposure (CVE) ID: CVE-2016-1236 Debian Security Information: DSA-3572 (Google Search) http://www.debian.org/security/2016/dsa-3572 http://www.openwall.com/lists/oss-security/2016/05/05/22
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.