Known Vulnerabilities for products from Viewvc
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Viewvc".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-22464 json | ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vul... | 5.4 - MEDIUM | 2023-01-04 | 2023-11-07 |
| CVE-2023-22456 json | ViewVC, a browser interface for CVS and Subversion version control repositories, as a cross-site scripting vulnerability that... | 6.1 - MEDIUM | 2023-01-03 | 2023-11-07 |
| CVE-2020-5283 json | ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulner... | 3.5 - LOW | 2020-04-03 | 2023-11-07 |
| CVE-2017-5938 json | Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1... | Not Provided | 2017-03-15 | 2025-04-20 |
| CVE-2012-4533 json | Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewV... | Not Provided | 2012-11-19 | 2026-04-29 |
| CVE-2012-3357 json | The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a reada... | Not Provided | 2012-07-22 | 2026-04-29 |
| CVE-2012-3356 json | The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization,... | Not Provided | 2012-07-22 | 2026-04-29 |
| CVE-2010-0736 json | Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x b... | Not Provided | 2010-03-19 | 2026-04-29 |
| CVE-2010-0132 json | Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search... | Not Provided | 2010-03-31 | 2026-04-29 |
| CVE-2010-0005 json | query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer ... | Not Provided | 2010-01-29 | 2026-04-29 |
| CVE-2010-0004 json | ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attac... | Not Provided | 2010-01-29 | 2026-04-29 |
| CVE-2009-5024 json | ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct re... | Not Provided | 2011-05-23 | 2026-04-29 |
| CVE-2009-3619 json | Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors relate... | Not Provided | 2009-11-10 | 2026-04-23 |
| CVE-2009-3618 json | Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers... | Not Provided | 2009-11-10 | 2026-04-23 |
| CVE-2008-4325 json | lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP res... | Not Provided | 2008-09-30 | 2026-04-23 |
| CVE-2008-1292 json | ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote att... | Not Provided | 2008-03-24 | 2026-04-23 |
| CVE-2008-1291 json | ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote att... | Not Provided | 2008-03-24 | 2026-04-23 |
| CVE-2008-1290 json | ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which all... | Not Provided | 2008-03-24 | 2026-04-23 |
| CVE-2007-5743 json | viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option. | 7.5 - HIGH | 2019-11-07 | 2020-08-18 |
| CVE-2006-5442 json | ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to c... | Not Provided | 2006-10-21 | 2026-04-23 |
Known software with vulnerabilities from Viewvc
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Viewvc | Viewvc | 0.3.0 |