CVE-2018-1000998

FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. It might impact other sites on same domain. This attack appears to be exploitable via victim must load specially crafted url. This vulnerability appears to have been fixed in 3.x.
References
Link Resource
https://www.kvakil.me/posts/cvsweb/ Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:freebsd:cvsweb:*:*:*:*:*:*:*:*

Information

Published : 2019-02-04 09:29

Updated : 2019-02-07 02:26


NVD link : CVE-2018-1000998

Mitre link : CVE-2018-1000998

Products Affected
No products.
CWE