Bugtraq mailing list archives

CollabNet Subversion Edge Log Parser XSS/Code Injection Vulnerability


From: sk <sk10_0 () yahoo com>
Date: Tue, 21 Sep 2010 21:42:22 +0530 (IST)



CollabNet Subversion Edge Log Parser XSS/Code Injection Vulnerability

Discovery Date: Sep 10, 2010
Risk: Important
Description:

A cross-site scripting (XSS) vulnerability exists in CollabNet
Subversion Edge 1.2 and prior versions. It can be exploited by
sending a crafted request to the CollabNet Subversion server.
When an administrator views the log file, the XSS code gets
executed.

More information on this can be found on the following page:
hxxps://ctf.open.collab.net/sf/sfmain/do/go/artf5016?returnUrlKey=1284577592506


Patch Information:
More information on the patch can be found on the following page:
https://ctf.open.collab.net/sf/wiki/do/viewPage/projects.svnedge/wiki/Release_1.2.1


Discovered by: Sumit Kumar Soni, Trend Micro
Email: ssummit () gmail com
For more info:
http://voidroot.blogspot.com/2010/09/collabnet-subversion-edge-log-parser.html
http://threatinfo.trendmicro.com/vinfo/secadvisories/default6.asp?VName=CollabNet%20Subversion%20Edge%20Log%20Parser%20XSS/Code%20Injection%20Vulnerability


Regards
Sumit
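
The flaw class described in this advisory (request data written to a log and later rendered unescaped in an administrator's log viewer), shown beside a hardened renderer and a simple triage check. This is an added example, not code from the advisory and not CollabNet's code or patch; the Apache-style log format, the sample lines and all function names are assumptions constructed for illustration.

```python
import html
import re

# Constructed sample lines in an assumed Apache-style access log format;
# the advisory does not say which log file or format is affected.
SAMPLE_LOG = [
    '10.0.0.5 - - [21/Sep/2010:21:40:01 +0530] "GET /svn/repo/trunk HTTP/1.1" 200 512',
    '10.0.0.9 - - [21/Sep/2010:21:41:17 +0530] "GET /svn/<b>marker</b> HTTP/1.1" 404 209',
    'not an access-log line <i>x</i>',
]

LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>.*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)
MARKUP_RE = re.compile(r'[<>]|%3c|%3e', re.IGNORECASE)   # raw or URL-encoded angle brackets
CONTROL_RE = re.compile(r'[\x00-\x08\x0b-\x1f\x7f]')     # control chars except tab/newline


def render_line_unsafe(line):
    """The flawed pattern: request-influenced log text placed into HTML as-is."""
    return "<tr><td>" + line + "</td></tr>"


def render_line_safe(line):
    """Hardened viewer row: every field is untrusted text and is HTML-escaped."""
    line = CONTROL_RE.sub("?", line)  # neutralise control characters first
    m = LINE_RE.match(line)
    # Unparseable lines are still shown, as one escaped cell, never dropped.
    fields = m.group("host", "time", "request", "status", "size") if m else (line,)
    cells = "".join("<td>%s</td>" % html.escape(f, quote=True) for f in fields)
    return "<tr>%s</tr>" % cells


def suspicious_lines(lines):
    """Triage aid: indexes of log lines that carry markup characters."""
    return [i for i, line in enumerate(lines) if MARKUP_RE.search(line)]


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(render_line_safe(entry))
    print("lines to review:", suspicious_lines(SAMPLE_LOG))
```
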



