Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2711

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2011-2711
Last Modified 06 Sep 2011 11:17:48
Published 02 Aug 2011 08:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2011-2711

Summary

Cross-site scripting (XSS) vulnerability in the print_fileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint.

Vulnerable Systems

Application

  • Lars Hjemli Cgit 0.1

  • Lars Hjemli Cgit 0.2

  • Lars Hjemli Cgit 0.3

  • Lars Hjemli Cgit 0.4

  • Lars Hjemli Cgit 0.5

  • Lars Hjemli Cgit 0.6

  • Lars Hjemli Cgit 0.6.1

  • Lars Hjemli Cgit 0.6.2

  • Lars Hjemli Cgit 0.6.3

  • Lars Hjemli Cgit 0.7

  • Lars Hjemli Cgit 0.7.1

  • Lars Hjemli Cgit 0.7.2

  • Lars Hjemli Cgit 0.8

  • Lars Hjemli Cgit 0.8.1

  • Lars Hjemli Cgit 0.8.1.1

  • Lars Hjemli Cgit 0.8.2

  • Lars Hjemli Cgit 0.8.2.1

  • Lars Hjemli Cgit 0.8.2.2

  • Lars Hjemli Cgit 0.8.3

  • Lars Hjemli Cgit 0.8.3.1

  • Lars Hjemli Cgit 0.8.3.2

  • Lars Hjemli Cgit 0.8.3.3

  • Lars Hjemli Cgit 0.8.3.4

  • Lars Hjemli Cgit 0.8.3.5

  • Lars Hjemli Cgit 0.9

  • Lars Hjemli Cgit 0.9.0.1

  • Lars Hjemli Cgit 0.9.0.2


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=725042

OSVDB - 74050

MLIST - [oss-security] 20110724 Re: Re: CVE Request -- cGit -- XSS flaw in rename hint

MLIST - [oss-security] 20110722 Re: CVE Request -- cGit -- XSS flaw in rename hint

MLIST - [oss-security] 20110722 CVE Request -- cGit -- XSS flaw in rename hint

MLIST - [cgit] 20110722 [PATCH] Fix potential XSS vulnerability in rename hint

CONFIRM - http://hjemli.net/git/cgit/commit/?h=stable&id=bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5

SUSE - openSUSE-SU-2011:0891

XF - cgit-renamehint-xss(68754)

BID - 48866

SECUNIA - 45541

SECUNIA - 45358


Last Updated: 27 May 2016 10:57:05