Arch Linux: ASA-201608-11 Moderate XSS Vulnerability in WebSVN Exploit

Arch Linux Security Advisory ASA-201608-11
=========================================
Severity: Medium
Date    : 2016-08-11
CVE-ID  : CVE-2016-1236
Package : websvn
Type    : cross-site scripting
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package websvn before version 2.3.3-7 is vulnerable to several
cross-site scripting issues.

Resolution
=========
Upgrade to 2.3.3-7.

# pacman -Syu "websvn>=2.3.3-7"

The problem has not been fixed upstream yet.

Workaround
=========
None.

Description
==========
Multiple cross-site scripting (XSS) vulnerabilities in revision.php,
log.php, listing.php, and comp.php in WebSVN allow context-dependent
attackers to inject arbitrary web script or HTML via the name of a file
or directory in a repository.

Impact
=====
A remote attacker can execute arbitrary javascript code in the victim's
browser by creating a file or a directory with a specially crafted name
in a SVN repository.

References
=========
https://bugs.archlinux.org/task/50344
https://www.openwall.com/lists/oss-security/2016/05/05/22
https://access.redhat.com/security/cve/CVE-2016-1236