Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC prior to 1.0.10, and 1.1.x prior to 1.1.4, allows remote malicious users to inject arbitrary web script or HTML via "user-provided input."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
viewvc viewvc 1.1.3 |
||
viewvc viewvc 1.1.2 |
||
viewvc viewvc 1.1.1 |
||
viewvc viewvc 1.1.0 |
||
viewvc viewvc 1.0.8 |
||
viewvc viewvc |
||
viewvc viewvc 1.0.6 |
||
viewvc viewvc 1.0.4 |
||
viewvc viewvc 1.0.3 |
||
viewvc viewvc 1.0.2 |
||
viewvc viewvc 1.0.1 |
||
viewvc viewvc 1.0.7 |
||
viewvc viewvc 1.0.5 |