Viewvc : Security Vulnerabilities, CVEs, Published In 2010 (XSS)
Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input."
Max CVSS
4.3
EPSS Score
0.14%
Published
2010-03-19
Updated
2010-03-22
Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736.
Max CVSS
2.6
EPSS Score
0.32%
Published
2010-03-31
Updated
2018-10-10
2 vulnerabilities found