CVE-2008-5918

NONE
Published Jan 21, 200917y ago · Modified Jun 16, 20262w ago
Find Similar
Published Jan 21, 2009 17y ago
Last Modified Jun 16, 2026 2w ago

Description

Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 20

VendorProductVersionRange
tigriswebsvn* ≤2.0
tigriswebsvn1.00any
tigriswebsvn1.01any
tigriswebsvn1.02any
tigriswebsvn1.03any
tigriswebsvn1.04any
tigriswebsvn1.10any
tigriswebsvn1.20any
tigriswebsvn1.31aany
tigriswebsvn1.32any
tigriswebsvn1.33any
tigriswebsvn1.34any
tigriswebsvn1.37any
tigriswebsvn1.38any
tigriswebsvn1.39any
tigriswebsvn1.40any
tigriswebsvn1.51any
tigriswebsvn1.60any
tigriswebsvn1.61any
tigriswebsvn1.62any

References 10

Remediation

  • websvn.tigris.org http://websvn.tigris.org/servlets/NewsItemView?newsItemID=2218
    Patch