Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
viewvc viewvc vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-22464
ViewVC is a browser interface for CVS and Subversion version control repositories. Versions before 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for an malicious user to have commit privileges to a Subversion re...
Viewvc Viewvc
NA
CVE-2023-22456
ViewVC, a browser interface for CVS and Subversion version control repositories, as a cross-site scripting vulnerability that affects versions before 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need for an malicious user to have commit privileges to a S...
Viewvc Viewvc
2.1
CVSSv2
CVE-2020-5283
ViewVC prior to 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for an malicious user to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has...
Viewvc Viewvc
4.3
CVSSv2
CVE-2007-5743
viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.
Viewvc Viewvc 1.0.3
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2017-5938
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC prior to 1.0.14 and 1.1.x prior to 1.1.26 allows remote malicious users to inject arbitrary web script or HTML via the nav_data name.
Debian Debian Linux 8.0
Opensuse Leap 42.2
Opensuse Project Leap 42.1
Viewvc Viewvc
4.3
CVSSv2
CVE-2012-4533
Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x prior to 1.0.13 and 1.1.x prior to 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script ...
Viewvc Viewvc
Debian Debian Linux 7.0
Debian Debian Linux 6.0
5
CVSSv2
CVE-2012-3356
The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC prior to 1.1.15 does not properly perform authorization, which allows remote malicious users to bypass intended access restrictions via unspecified vectors.
Viewvc Viewvc 1.1.6
Viewvc Viewvc 1.0.2
Viewvc Viewvc 1.1.7
Viewvc Viewvc 1.0.1
Viewvc Viewvc 1.1.5
Viewvc Viewvc 0.8
Viewvc Viewvc 0.9.3
Viewvc Viewvc 1.1.13
Viewvc Viewvc 1.0.5
Viewvc Viewvc 1.1.2
Viewvc Viewvc 0.9.2
Viewvc Viewvc 1.0.11
Viewvc Viewvc 1.0.9
Viewvc Viewvc 1.1.0
Viewvc Viewvc 1.1.1
Viewvc Viewvc 0.9.1
Viewvc Viewvc
Viewvc Viewvc 1.1.10
Viewvc Viewvc 1.1.4
Viewvc Viewvc 0.9.4
Viewvc Viewvc 1.1.8
Viewvc Viewvc 1.0.3
5
CVSSv2
CVE-2012-3357
The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC prior to 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote malicious users to obtain sensitive information, related to a "log msg leak."
Viewvc Viewvc 1.1.8
Viewvc Viewvc 1.1.7
Viewvc Viewvc 1.1.11
Viewvc Viewvc 1.1.3
Viewvc Viewvc 1.0.1
Viewvc Viewvc 1.0.2
Viewvc Viewvc 0.9.1
Viewvc Viewvc 0.9
Viewvc Viewvc
Viewvc Viewvc 1.1.6
Viewvc Viewvc 1.1.2
Viewvc Viewvc 1.0.10
Viewvc Viewvc 1.0.3
Viewvc Viewvc 1.0.6
Viewvc Viewvc 1.0.9
Viewvc Viewvc 0.8
Viewvc Viewvc 1.1.13
Viewvc Viewvc 1.1.12
Viewvc Viewvc 1.1.1
Viewvc Viewvc 1.1.0
Viewvc Viewvc 1.0.0
Viewvc Viewvc 1.0.11
5
CVSSv2
CVE-2009-5024
ViewVC prior to 1.1.11 allows remote malicious users to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request.
Viewvc Viewvc 1.1.6
Viewvc Viewvc 1.0.2
Viewvc Viewvc 1.1.7
Viewvc Viewvc 1.0.1
Viewvc Viewvc 1.1.5
Viewvc Viewvc 0.8
Viewvc Viewvc 0.9.3
Viewvc Viewvc 1.0.5
Viewvc Viewvc 1.1.2
Viewvc Viewvc 0.9.2
Viewvc Viewvc 1.0.11
Viewvc Viewvc 1.0.9
Viewvc Viewvc 1.1.0
Viewvc Viewvc 1.1.1
Viewvc Viewvc 0.9.1
Viewvc Viewvc 1.1.4
Viewvc Viewvc 0.9.4
Viewvc Viewvc 1.1.8
Viewvc Viewvc 1.0.3
Viewvc Viewvc 1.0.4
Viewvc Viewvc 1.0.6
Viewvc Viewvc 1.0.8
2.6
CVSSv2
CVE-2010-0132
Cross-site scripting (XSS) vulnerability in ViewVC 1.1 prior to 1.1.5 and 1.0 prior to 1.0.11, when the regular expression search functionality is enabled, allows remote malicious users to inject arbitrary web script or HTML via vectors related to "search_re input," a d...
Viewvc Viewvc 1.0.5
Viewvc Viewvc 1.0.6
Viewvc Viewvc 1.1.0
Viewvc Viewvc 1.0.3
Viewvc Viewvc 1.0.4
Viewvc Viewvc 1.0.1
Viewvc Viewvc 1.0.0
Viewvc Viewvc 1.1.1
Viewvc Viewvc 1.1.2
Viewvc Viewvc 1.1.3
Viewvc Viewvc 1.0.7
Viewvc Viewvc 1.0.8
Viewvc Viewvc 1.1.4
Viewvc Viewvc 1.0.2
Viewvc Viewvc 1.0.9
Viewvc Viewvc 1.0.10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »