CVE-2008-5918

Name of the Vulnerable Software and Affected Versions WebSVN versions 2.0 and earlier

Description A cross-site scripting (XSS) issue exists in the getParameterisedSelfUrl function in index.php, allowing remote attackers to inject arbitrary web script or HTML via the PATH INFO. This could potentially lead to malicious script execution on the client-side.

Recommendations For WebSVN versions 2.0 and earlier, consider disabling the getParameterisedSelfUrl function in index.php as a temporary workaround until a patch is available. Restrict access to the index.php file to minimize the risk of exploitation. Avoid using the PATH INFO variable in the affected function until the issue is resolved.