CVE-2003-0154

Name of the Vulnerable Software and Affected Versions: bonsai Mozilla CVS query tool (affected versions not specified)

Description: The issue concerns cross-site scripting vulnerabilities (XSS) that allow remote attackers to execute arbitrary web script. This can be achieved through various parameters in different CGI scripts, including file, root, or rev parameters to cvslog.cgi, file or root parameters to cvsblame.cgi, several parameters to cvsquery.cgi, the person parameter to showcheckins.cgi, and the module parameter to cvsqueryform.cgi. There may be additional attack vectors.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.