Skip to main content

Viewvc

7 CVEs product

Monthly

CVE-2023-22464 MEDIUM POC This Month

ViewVC is a browser interface for CVS and Subversion version control repositories. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Viewvc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-22456 MEDIUM PATCH This Month

ViewVC, a browser interface for CVS and Subversion version control repositories, as a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Viewvc
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-5283 LOW POC PATCH Monitor

ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Viewvc
NVD GitHub
CVSS 3.1
3.5
EPSS
1.2%
CVE-2017-5938 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Debian Linux Leap Viewvc
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2012-4533 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Viewvc Debian Linux
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2012-3357 MEDIUM This Month

The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Viewvc
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2012-3356 MEDIUM This Month

The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Viewvc
NVD
CVSS 2.0
5.0
EPSS
0.4%
EPSS 1% CVSS 5.4
MEDIUM POC This Month

ViewVC is a browser interface for CVS and Subversion version control repositories. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Viewvc
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

ViewVC, a browser interface for CVS and Subversion version control repositories, as a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Viewvc
NVD GitHub
EPSS 1% CVSS 3.5
LOW POC PATCH Monitor

ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Viewvc
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Debian Linux Leap +1
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Viewvc Debian Linux
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Viewvc
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Viewvc
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy