Vulnerabilities > Viewvc

DATE CVE VULNERABILITY TITLE RISK
2023-01-04 CVE-2023-22464 Cross-site Scripting vulnerability in Viewvc
ViewVC is a browser interface for CVS and Subversion version control repositories.
network
low complexity
viewvc CWE-79
5.4
2023-01-03 CVE-2023-22456 Cross-site Scripting vulnerability in Viewvc
ViewVC, a browser interface for CVS and Subversion version control repositories, as a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29.
network
low complexity
viewvc CWE-79
6.1
2020-04-03 CVE-2020-5283 Cross-site Scripting vulnerability in Viewvc
ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support.
network
low complexity
viewvc CWE-79
3.5
2019-11-07 CVE-2007-5743 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.
4.3
2017-03-15 CVE-2017-5938 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.
4.3
2012-07-22 CVE-2012-3357 Information Exposure vulnerability in Viewvc
The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak."
network
low complexity
viewvc CWE-200
5.0
2010-03-31 CVE-2010-0132 Cross-Site Scripting vulnerability in Viewvc
Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736.
network
high complexity
viewvc CWE-79
2.6
2010-03-19 CVE-2010-0736 Cross-Site Scripting vulnerability in Viewvc
Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input."
network
viewvc CWE-79
4.3
2010-01-29 CVE-2010-0005 Permissions, Privileges, and Access Controls vulnerability in Viewvc
query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query.
network
low complexity
viewvc CWE-264
7.5
2008-09-30 CVE-2008-4325 Remote Security vulnerability in Viewvc 1.0.5
lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the requested object.
network
viewvc
5.8