PT-2011-4038 · Cgit · Cgit
Publicado
2011-08-03
·
Atualizado
2024-06-15
·
CVE-2011-2711
CVSS v2.0
3.5
Baixa
| Vetor | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
cgit versions 0.9.0.2 and earlier
Description
A cross-site scripting (XSS) issue exists due to insufficient input validation in the
print fileinfo function. This allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint.Recommendations
For cgit versions 0.9.0.2 and earlier, consider disabling the
print fileinfo function until a patch is available to prevent exploitation. Restrict access to the rename hint feature to minimize the risk of XSS attacks.Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cgit