CVE-2010-0132
Summary
| CVE | CVE-2010-0132 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-03-31 18:00:00 UTC |
| Updated | 2018-10-10 19:51:00 UTC |
| Description | Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Viewvc | Viewvc | 1.0.0 | All | All | All |
| Application | Viewvc | Viewvc | 1.0.1 | All | All | All |
| Application | Viewvc | Viewvc | 1.0.10 | All | All | All |
| Application | Viewvc | Viewvc | 1.0.2 | All | All | All |
| Application | Viewvc | Viewvc | 1.0.3 | All | All | All |
| Application | Viewvc | Viewvc | 1.0.4 | All | All | All |
| Application | Viewvc | Viewvc | 1.0.5 | All | All | All |
| Application | Viewvc | Viewvc | 1.0.6 | All | All | All |
| Application | Viewvc | Viewvc | 1.0.7 | All | All | All |
| Application | Viewvc | Viewvc | 1.0.8 | All | All | All |
| Application | Viewvc | Viewvc | 1.0.9 | All | All | All |
| Application | Viewvc | Viewvc | 1.1.0 | All | All | All |
| Application | Viewvc | Viewvc | 1.1.1 | All | All | All |
| Application | Viewvc | Viewvc | 1.1.2 | All | All | All |
| Application | Viewvc | Viewvc | 1.1.3 | All | All | All |
| Application | Viewvc | Viewvc | 1.1.4 | All | All | All |
| Application | Viewvc | Viewvc | 1.0.0 | All | All | All |
| Application | Viewvc | Viewvc | 1.0.1 | All | All | All |
| Application | Viewvc | Viewvc | 1.0.10 | All | All | All |
| Application | Viewvc | Viewvc | 1.0.2 | All | All | All |
| Application | Viewvc | Viewvc | 1.0.3 | All | All | All |
| Application | Viewvc | Viewvc | 1.0.4 | All | All | All |
| Application | Viewvc | Viewvc | 1.0.5 | All | All | All |
| Application | Viewvc | Viewvc | 1.0.6 | All | All | All |
| Application | Viewvc | Viewvc | 1.0.7 | All | All | All |
| Application | Viewvc | Viewvc | 1.0.8 | All | All | All |
| Application | Viewvc | Viewvc | 1.0.9 | All | All | All |
| Application | Viewvc | Viewvc | 1.1.0 | All | All | All |
| Application | Viewvc | Viewvc | 1.1.1 | All | All | All |
| Application | Viewvc | Viewvc | 1.1.2 | All | All | All |
| Application | Viewvc | Viewvc | 1.1.3 | All | All | All |
| Application | Viewvc | Viewvc | 1.1.4 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Patch, Vendor Advisory |
| Research - Community | MISC | secunia.com | Vendor Advisory |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2010:009 | SUSE | lists.opensuse.org | |
| [SECURITY] Fedora 11 Update: viewvc-1.1.5-1.fc11 | FEDORA | lists.fedoraproject.org | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| [SECURITY] Fedora 13 Update: viewvc-1.1.5-1.fc13 | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 12 Update: viewvc-1.1.5-1.fc12 | FEDORA | lists.fedoraproject.org | |
| ViewVC Regular Expression Search Cross-Site Scripting Vulnerability - Advisories - Community | SECUNIA | secunia.com | Vendor Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES | CONFIRM | viewvc.tigris.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.