ViewGit · CVE-2013-2294
Name of the Vulnerable Software and Affected Versions:
ViewGit versions prior to 0.0.7
Description:
Multiple cross-site scripting (XSS) vulnerabilities allow remote repository users (anyone able to create tags or branches in a repository the instance serves) to inject arbitrary web script or HTML via (1) a tag name rendered in the Shortlog table in `templates/shortlog.php`, or (2) a branch name rendered in the Shortlog table in `templates/shortlog.php` or in the Heads table in `plates/summary.php`. The ref names are written into the HTML tables without being escaped.
Recommendations:
For versions prior to 0.0.7, update to version 0.0.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the `templates/shortlog.php` and `plates/summary.php` files to limit exposure. Avoid rendering user-supplied tag names and branch names in the affected tables until the upgrade is applied; restricting access only narrows who can view the pages, it does not remove the underlying lack of output escaping.
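As an added illustration (not ViewGit's own code; the function names and sample refs are constructed), the following PHP shows the unescaped template pattern the advisory describes beside the escaped form that a fix applies, and checks that no markup from a ref name survives in the escaped output:

```php
<?php
// Added illustration, not ViewGit's own code: models how a ref name (tag or
// branch) reaches a table cell in a template such as templates/shortlog.php.
// Function names and the sample refs below are constructed for this example.

// Constructed sample refs. git's ref-name rules (check-ref-format) reject
// space, ~, ^, :, ?, *, [ and \ but allow <, >, &, " and ', so a name can
// carry HTML markup and still be a valid tag or branch name. Validation of
// ref names alone therefore does not prevent the issue; escaping does.
$refs = [
    ['type' => 'tag',    'name' => 'v0.0.6'],
    ['type' => 'branch', 'name' => 'feature/<b>bold</b>'],
];

// Vulnerable pattern: the ref name is interpolated straight into HTML, so
// any markup in the name is rendered by the browser of whoever views the page.
function render_row_unescaped(array $ref): string
{
    return "<tr><td>{$ref['type']}</td><td>{$ref['name']}</td></tr>";
}

// Hardened pattern: escape every untrusted value for the HTML element context.
// ENT_QUOTES also encodes " and ', so the helper is safe in attribute values.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function render_row_escaped(array $ref): string
{
    return '<tr><td>' . esc($ref['type']) . '</td><td>' . esc($ref['name']) . '</td></tr>';
}

// Check: the only '<' characters left in an escaped row are the six that
// belong to the template's own <tr>/<td> markup.
function row_is_clean(string $out): bool
{
    return substr_count($out, '<') === 6 && strpos($out, '<b>') === false;
}

foreach ($refs as $ref) {
    echo "unescaped: " . render_row_unescaped($ref) . "\n";
    echo "escaped:   " . render_row_escaped($ref) . "\n";
    if (!row_is_clean(render_row_escaped($ref))) {
        fwrite(STDERR, "escaping failed for ref {$ref['name']}\n");
        exit(1);
    }
}
```

Run with `php example.php`: the unescaped line shows the markup passing through verbatim, the escaped line shows it neutralised into `&lt;b&gt;` text.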