bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication.
Max CVSS
5.0
EPSS Score
0.66%
Published
2003-04-02
Updated
2008-09-05
Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.
Max CVSS
6.8
EPSS Score
1.14%
Published
2003-04-02
Updated
2016-10-18
bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi.
Max CVSS
5.0
EPSS Score
0.89%
Published
2003-04-02
Updated
2017-07-11
Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user.
Max CVSS
7.5
EPSS Score
0.46%
Published
2003-04-02
Updated
2008-09-05
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!