ArchLinux: 201608-11: websvn: cross-site scripting
Summary
Multiple cross-site scripting (XSS) vulnerabilities in revision.php, log.php, listing.php, and comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a file or directory in a repository.
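Because the injection vector described above is the file or directory name itself, a repository listing can be audited for names that contain HTML-significant characters. The following is an added example, not part of the advisory or of WebSVN; it assumes one repository path per line (for instance the output of `svn list -R`), and `audit_paths` and the sample listing are constructed for illustration.

```python
import html
import re

# Characters that change meaning when a name is written into an HTML page
# without output encoding.
HTML_SIGNIFICANT = re.compile(r"[<>\"'&]")


def audit_paths(listing):
    """Return (path, escaped_form) for each path that contains
    HTML-significant characters.

    `listing` is text with one repository path per line (assumed format).
    The escaped form is what a viewer should emit when rendering the name.
    """
    findings = []
    for raw in listing.splitlines():
        path = raw.strip("\r\n")
        if not path:
            continue
        if HTML_SIGNIFICANT.search(path):
            findings.append((path, html.escape(path, quote=True)))
    return findings


# Constructed sample listing; these paths do not come from a real repository.
SAMPLE_LISTING = """\
trunk/
trunk/README
trunk/docs/R&D notes.txt
trunk/<b>release.txt
branches/"quoted" dir/
tags/1.0/
"""

if __name__ == "__main__":
    for path, escaped in audit_paths(SAMPLE_LISTING):
        print(f"suspicious name: {path!r} -> safe rendering: {escaped}")
```

Names flagged here are not necessarily malicious (an ampersand is common in legitimate names), but any of them will be rendered incorrectly by a viewer that does not encode output.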
Resolution
Upgrade to 2.3.3-7.
# pacman -Syu "websvn>=2.3.3-7"
The problem has not been fixed upstream yet.
References
https://bugs.archlinux.org/task/50344
https://www.openwall.com/lists/oss-security/2016/05/05/22
https://access.redhat.com/security/cve/CVE-2016-1236
Workaround
None.