CVE-2018-1000998

Name of the Vulnerable Software and Affected Versions FreeBSD CVSweb versions 2.x

Description The issue is related to a Cross Site Scripting (XSS) vulnerability present in all pages of the affected software. This vulnerability can result in limited impact, as CVSweb is anonymous and read-only. However, it might impact other sites on the same domain. The attack appears to be exploitable via a victim loading a specially crafted URL.

Recommendations For FreeBSD CVSweb versions 2.x, update to version 3.x to resolve the issue.