Vulnerabilities > Viewvc > Viewvc > 1.1.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-04 | CVE-2023-22464 | Cross-site Scripting vulnerability in Viewvc ViewVC is a browser interface for CVS and Subversion version control repositories. | 5.4 |
2023-01-03 | CVE-2023-22456 | Cross-site Scripting vulnerability in Viewvc ViewVC, a browser interface for CVS and Subversion version control repositories, as a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. | 6.1 |
2020-04-03 | CVE-2020-5283 | Cross-site Scripting vulnerability in Viewvc ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. | 3.5 |
2017-03-15 | CVE-2017-5938 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name. | 4.3 |
2012-07-22 | CVE-2012-3357 | Information Exposure vulnerability in Viewvc The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak." | 5.0 |
2010-03-31 | CVE-2010-0132 | Cross-Site Scripting vulnerability in Viewvc Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736. | 2.6 |
2010-03-19 | CVE-2010-0736 | Cross-Site Scripting vulnerability in Viewvc Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input." | 4.3 |
2010-01-29 | CVE-2010-0005 | Permissions, Privileges, and Access Controls vulnerability in Viewvc query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query. | 7.5 |