Known Vulnerabilities for products from Viewvc
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Viewvc".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-22464 | ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vul... | 5.4 - MEDIUM | 2023-01-04 | 2023-11-07 |
| CVE-2023-22456 | ViewVC, a browser interface for CVS and Subversion version control repositories, has a cross-site scripting vulnerability that... | 6.1 - MEDIUM | 2023-01-03 | 2023-11-07 |
| CVE-2020-5283 | ViewVC before versions 1.1.28 and 1.2.1 has an XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulner... | 3.5 - LOW | 2020-04-03 | 2023-11-07 |
| CVE-2017-5938 | Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1... | 6.1 - MEDIUM | 2017-03-15 | 2018-10-30 |
| CVE-2012-4533 | Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewV... | 4.3 - MEDIUM | 2012-11-19 | 2023-02-13 |
| CVE-2012-3357 | The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a reada... | 5 - MEDIUM | 2012-07-22 | 2017-08-29 |
| CVE-2012-3356 | The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization,... | 5 - MEDIUM | 2012-07-22 | 2023-02-13 |
| CVE-2010-0736 | Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x b... | 4.3 - MEDIUM | 2010-03-19 | 2010-03-22 |
| CVE-2010-0132 | Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search... | 2.6 - LOW | 2010-03-31 | 2018-10-10 |
| CVE-2010-0005 | query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer ... | 7.5 - HIGH | 2010-01-29 | 2010-02-02 |
| CVE-2010-0004 | ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attac... | 5 - MEDIUM | 2010-01-29 | 2023-11-07 |
| CVE-2009-5024 | ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct re... | 5 - MEDIUM | 2011-05-23 | 2023-11-07 |
| CVE-2009-3619 | Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors relate... | 5 - MEDIUM | 2009-11-10 | 2023-11-07 |
| CVE-2009-3618 | Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers... | 4.3 - MEDIUM | 2009-11-10 | 2023-11-07 |
| CVE-2008-4325 | lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP res... | 5.8 - MEDIUM | 2008-09-30 | 2010-08-30 |
| CVE-2008-1292 | ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote att... | 4.3 - MEDIUM | 2008-03-24 | 2009-08-20 |
| CVE-2008-1291 | ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote att... | 4.3 - MEDIUM | 2008-03-24 | 2009-08-20 |
| CVE-2008-1290 | ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which all... | 4.3 - MEDIUM | 2008-03-24 | 2009-08-20 |
| CVE-2007-5743 | viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option. | 7.5 - HIGH | 2019-11-07 | 2020-08-18 |
| CVE-2006-5442 | ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to c... | 6.8 - MEDIUM | 2006-10-21 | 2018-10-17 |
Known software with vulnerabilities from Viewvc
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Viewvc | Viewvc | 0.3.0 |