Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.
Max CVSS
4.3
EPSS Score
0.15%
Published
2012-11-19
Updated
2023-02-13
The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak."
Max CVSS
5.0
EPSS Score
0.64%
Published
2012-07-22
Updated
2017-08-29
The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.67%
Published
2012-07-22
Updated
2023-02-13
3 vulnerabilities found