CVE-2012-4533
Published: 19 November 2012
Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.
Priority
Status
Package | Release | Status |
---|---|---|
viewvc (Launchpad, Ubuntu, Debian) | hardy | Ignored (end of life) |
viewvc | lucid | Ignored (end of life) |
viewvc | natty | Ignored (end of life) |
viewvc | oneiric | Ignored (end of life) |
viewvc | precise | Released (1.1.5-1.1+squeeze2build0.12.04.1) |
viewvc | quantal | Ignored (end of life) |
viewvc | raring | Not vulnerable (1.1.5-1.4) |
viewvc | saucy | Not vulnerable (1.1.5-1.4) |
viewvc | trusty | Does not exist (trusty was not-affected [1.1.5-1.4]) |
viewvc | upstream | Released (1.1.5-1.4) |
viewvc | utopic | Not vulnerable (1.1.5-1.4) |
viewvc | vivid | Not vulnerable (1.1.5-1.4) |
viewvc | wily | Not vulnerable (1.1.5-1.4) |
viewvc | xenial | Not vulnerable (1.1.5-1.4) |
viewvc | yakkety | Not vulnerable (1.1.5-1.4) |