Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other attacks, as demonstrated using (1) "text/html", or (2) "image/jpeg" with an image that is rendered as HTML by Internet Explorer, a different vulnerability than CVE-2004-1062. NOTE: it was later reported that 0.9.4 is also affected.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ViewCVS Source View输入验证漏洞
Vulnerability Description
ViewCVS 0.9.2中的viewcvs让远程攻击者可以通过content-type参数将Content-Type标题设置为任意值,从而被跨站脚本攻击和其他攻击所利用。如对图片使用(1)"text/html"或(2)"image/jpeg",此图片由Internet Explorer以HTML表示。
CVSS Information
N/A
Vulnerability Type
N/A