Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3906: Cross-site Scripting in GIT

Severity: 4.3 MEDIUM (NVD)
EPSS: 13.9% (top 5.67%)
CISA KEV: Not in KEV
Exploit: PoC available
Timeline
Published: Dec 17
Latest update: May 13

Description

Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (3 packages)

Debian: git/git < 1:1.7.2.3-2.2 +3
NVD: git-scm/git 1.7.3.3 +7
NVD: git/git 130 versions +129

🔴 Vulnerability Details (3)

GHSA: GHSA-3mrf-mhch-542p: Cross-site scripting (XSS) vulnerability in Gitweb 1 | 2022-05-13
CVEList: CVE-2010-3906: Cross-site scripting (XSS) vulnerability in Gitweb 1 | 2010-12-17
OSV: CVE-2010-3906: Cross-site scripting (XSS) vulnerability in Gitweb 1 | 2010-12-17

💥 Exploits & PoCs (1)

Exploit-DB: gitWeb 1.7.3.3 - Cross-Site Scripting | 2010-12-15

📋 Vendor Advisories (2)

Red Hat: (gitweb): XSS due to missing escaping of HTML element attributes | 2010-12-15
Debian: CVE-2010-3906: git - Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows re... | 2010

💬 Community (2)

Bugzilla: CVE-2010-3906 Git (gitweb): XSS due to missing escaping of HTML element attributes | 2010-12-16
Bugzilla: CVE-2010-3906 Git (gitweb): XSS by processing unsafe HTML attributes [fedora-all] | 2010-12-16
CVE-2010-3906 — Cross-site Scripting in Git-scm GIT | cvebase