CVE-2005-4831

Name of the Vulnerable Software and Affected Versions ViewCVS versions 0.9.2 through 0.9.4

Description The issue allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter. This can be leveraged for cross-site scripting (XSS) and other attacks by setting the Content-Type header to values such as "text/html" or "image/jpeg", which can be rendered as HTML by certain browsers like Internet Explorer.

Recommendations For ViewCVS versions 0.9.2 through 0.9.4, consider restricting access to the content-type parameter to prevent arbitrary header setting until a patch is available. As a temporary workaround, avoid using the content-type parameter in sensitive operations.