-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

 ---------------------------------------------------
| BuHa Security-Advisory        | August 26th, 2005 |
 ---------------------------------------------------
| Vendor   | FreeBSD CVSweb                         |
| URL      | <http://www.freebsd.org/projects/      |
|          | cvsweb.html>                           |
| Version  | <= CVSWeb 3.0.6                        |
| Risk     | Low (XSS)                              |
 ---------------------------------------------------

o Description:
=============

CVSweb is a WWW interface for CVS repositories with which you can
browse a file hierarchy on your browser to view each file's revision
history in a very handy manner.

Visit http://www.freebsd.org/projects/cvsweb.html for detailed information.

o XSS:
=====

</cvsweb.cgi/$path_to_file?f=[XSS]>
</cvsweb.cgi/$path_to_file?hideattic=[XSS]>

o Disclosure Timeline:
=====================

13 Mar 05 - Security flaws discovered.
12 Aug 05 - Vendor contacted.
26 Aug 05 - Public release.

o Solution:
==========

Currently, no solution is available. I contacted the developers of
CVSWeb two weeks ago but I did not get any answer.

o Credits:
=========

Thomas Waldegger <bugtraq@morph3us.org>
BuHa-Security Community - http://buha.info/board/

-----BEGIN PGP SIGNATURE-----
Version: n/a
Comment: http://morph3us.org/

iD8DBQFD9YElkCo6/ctnOpYRA+8xAJsFgXk2+lcdl/gPWpDzCs8ZSQ40JwCdHuU2
02S5oCGKLk0rXY9kgboIBiw=
=00Vg
-----END PGP SIGNATURE-----