Search CVE reports
1 – 10 of 22 results
CVE-2023-22464
Medium priority
ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for an...
1 affected package
viewvc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
viewvc | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2023-22456
Medium priority
ViewVC, a browser interface for CVS and Subversion version control repositories, has a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need...
1 affected package
viewvc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
viewvc | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2020-5283
Medium priority
ViewVC before versions 1.1.28 and 1.2.1 has an XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by...
1 affected package
viewvc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
viewvc | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
CVE-2007-5743
Low priority
viewvc 1.0.3 allows improper access control to files in a repository when using the “forbidden” configuration option.
1 affected package
viewvc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
viewvc | — | — | — | — | — |
CVE-2017-5938
Medium priority
Some fixes available 3 of 4
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.
1 affected package
viewvc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
viewvc | — | — | — | — | Fixed |
CVE-2012-4533
Medium priority
Some fixes available 1 of 6
Cross-site scripting (XSS) vulnerability in the “extra” details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit...
1 affected package
viewvc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
viewvc | — | — | — | — | Not affected |
CVE-2012-3357
Low priority
Some fixes available 1 of 11
The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain...
1 affected package
viewvc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
viewvc | — | — | — | — | Not affected |
CVE-2012-3356
Low priority
Some fixes available 1 of 11
The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
1 affected package
viewvc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
viewvc | — | — | — | — | Not affected |
CVE-2009-5024
Low priority
Some fixes available 1 of 12
ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a “query revision history” request.
1 affected package
viewvc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
viewvc | — | — | — | — | Not affected |
CVE-2010-0132
Medium priority
Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via...
1 affected package
viewvc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
viewvc | — | — | — | — | — |