Vulnerabilities > Viewvc
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-04 | CVE-2023-22464 | Cross-site Scripting vulnerability in Viewvc ViewVC is a browser interface for CVS and Subversion version control repositories. | 5.4 |
| 2023-01-03 | CVE-2023-22456 | Cross-site Scripting vulnerability in Viewvc ViewVC, a browser interface for CVS and Subversion version control repositories, as a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. | 6.1 |
| 2020-04-03 | CVE-2020-5283 | Cross-site Scripting vulnerability in Viewvc ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. | 3.5 |
| 2019-11-07 | CVE-2007-5743 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option. | 4.3 |
| 2017-03-15 | CVE-2017-5938 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name. | 4.3 |
| 2012-07-22 | CVE-2012-3357 | Information Exposure vulnerability in Viewvc The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak." | 5.0 |
| 2010-03-31 | CVE-2010-0132 | Cross-Site Scripting vulnerability in Viewvc Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736. | 2.6 |
| 2010-03-19 | CVE-2010-0736 | Cross-Site Scripting vulnerability in Viewvc Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input." | 4.3 |
| 2010-01-29 | CVE-2010-0005 | Permissions, Privileges, and Access Controls vulnerability in Viewvc query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query. | 7.5 |
| 2008-09-30 | CVE-2008-4325 | Remote Security vulnerability in Viewvc 1.0.5 lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the requested object. network viewvc | 5.8 |