Unrated severityNVD Advisory· Published Jan 21, 2009· Updated Apr 23, 2026
CVE-2008-5918
CVE-2008-5918
Description
Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
Affected products
20cpe:2.3:a:tigris:websvn:*:*:*:*:*:*:*:*+ 19 more
- cpe:2.3:a:tigris:websvn:*:*:*:*:*:*:*:*range: <=2.0
- cpe:2.3:a:tigris:websvn:1.00:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.02:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.03:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.04:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.20:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.31a:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.32:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.33:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.34:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.37:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.38:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.39:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.40:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.51:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.60:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.61:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.62:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- websvn.tigris.org/servlets/NewsItemViewnvdPatch
- www.gulftech.orgnvdExploit
- www.securityfocus.com/bid/31891nvdExploit
- secunia.com/advisories/32338nvdVendor Advisory
- secunia.com/advisories/34191nvd
- securityreason.com/securityalert/4928nvd
- websvn.tigris.org/issues/show_bug.cginvd
- www.gentoo.org/security/en/glsa/glsa-200903-20.xmlnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/46048nvd
- www.exploit-db.com/exploits/6822nvd
News mentions
0No linked articles in our index yet.