viewvc vulnerabilities and exploits
NA
CVE-2008-1291
ViewVC prior to 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to read files and list folders under the hidden CVSROOT folder.
Viewvc Viewvc 1.0.2
Viewvc Viewvc 1.0.3
NA
CVE-2008-1292
ViewVC prior to 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote malicious users to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by travers...
Viewvc Viewvc 1.0.3
Viewvc Viewvc 1.0.2
NA
CVE-2006-5442
ViewVC 1.0.2 and previous versions do not specify a charset in its HTTP headers or HTML documents, which allows remote malicious users to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 encoded JavaScript code via a view.
Viewvc Viewvc
3.5
CVSSv3
CVE-2020-5283
ViewVC prior to 1.1.28 and 1.2.1 has an XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for a malicious user to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has...
Viewvc Viewvc
6.1
CVSSv3
CVE-2023-22456
ViewVC, a browser interface for CVS and Subversion version control repositories, has a cross-site scripting vulnerability that affects versions before 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need for a malicious user to have commit privileges to a S...
Viewvc Viewvc
5.4
CVSSv3
CVE-2023-22464
ViewVC is a browser interface for CVS and Subversion version control repositories. Versions before 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for a malicious user to have commit privileges to a Subversion re...
Viewvc Viewvc
NA
CVE-2008-4325
lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote malicious users to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the ...
Viewvc Viewvc 1.0.5
NA
CVE-2012-4533
Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x prior to 1.0.13 and 1.1.x prior to 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script ...
Viewvc Viewvc
Debian Debian Linux 7.0
Debian Debian Linux 6.0
6.1
CVSSv3
CVE-2017-5938
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC prior to 1.0.14 and 1.1.x prior to 1.1.26 allows remote malicious users to inject arbitrary web script or HTML via the nav_data name.
Debian Debian Linux 8.0
Opensuse Leap 42.2
Opensuse Project Leap 42.1
Viewvc Viewvc
7.5
CVSSv3
CVE-2007-5743
viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.
Viewvc Viewvc 1.0.3
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0