Vulnerabilities > Viewvc

DATE CVE VULNERABILITY TITLE RISK

2020-04-03 CVE-2020-5283 Cross-site Scripting vulnerability in Viewvc
ViewVC before versions 1.1.28 and 1.2.1 has an XSS vulnerability in CVS show_subdir_lastmod support.
viewvc CWE-79
Risk: 2.1 (network, high complexity)

2019-11-07 CVE-2007-5743 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
ViewVC 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.
Risk: 4.3

2017-03-15 CVE-2017-5938 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.
Risk: 4.3

2012-11-19 CVE-2012-4533 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.
viewvc debian CWE-79
Risk: 4.3 (network)

2012-07-22 CVE-2012-3357 Information Exposure vulnerability in Viewvc
The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak."
viewvc CWE-200
Risk: 5.0 (network, low complexity)

2012-07-22 CVE-2012-3356 Improper Authentication vulnerability in Viewvc
The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
viewvc CWE-287
Risk: 5.0 (network, low complexity)

2011-05-23 CVE-2009-5024 Resource Management Errors vulnerability in Viewvc
ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request.
viewvc CWE-399
Risk: 5.0 (network, low complexity)

2010-03-31 CVE-2010-0132 Cross-Site Scripting vulnerability in Viewvc
Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736.
viewvc CWE-79
Risk: 2.6 (network, high complexity)

2010-03-19 CVE-2010-0736 Cross-Site Scripting vulnerability in Viewvc
Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input."
viewvc CWE-79
Risk: 4.3 (network)

2010-01-29 CVE-2010-0005 Permissions, Privileges, and Access Controls vulnerability in Viewvc
query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query.
viewvc CWE-264
Risk: 7.5 (network, low complexity)