Skip to main content

Usvn

4 CVEs product

Monthly

CVE-2020-17363 CRITICAL POC Act Now

USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Usvn
NVD
CVSS 3.1
9.9
EPSS
4.4%
CVE-2020-25070 HIGH This Week

USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the lack of the SameSite Strict feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Usvn
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-25069 CRITICAL Act Now

USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute arbitrary code in the commit view. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Usvn
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2018-0695 MEDIUM This Month

Cross-site scripting vulnerability in User-friendly SVN (USVN) Version 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Usvn
NVD
CVSS 3.0
6.1
EPSS
0.8%
EPSS 4% CVSS 9.9
CRITICAL POC Act Now

USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Usvn
NVD
EPSS 0% CVSS 8.8
HIGH This Week

USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the lack of the SameSite Strict feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Usvn
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute arbitrary code in the commit view. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Usvn
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-site scripting vulnerability in User-friendly SVN (USVN) Version 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Usvn
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy