Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x prior to 1.0.13 and 1.1.x prior to 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
viewvc viewvc |
||
debian debian linux 7.0 |
||
debian debian linux 6.0 |