370 matches found
CVE-2007-5743
viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option...
CVE-2007-5743
Removed by vendor...
CVE-2007-5743
CVE-2007-5743 affects viewvc 1.0.3 and allows improper access control to files in a repository when using the "forbidden" configuration option. NVD lists CVSS‑2 base 4.3 (Network, Medium) and CVSS‑3.1 base 7.5 (Network, Low; C:H I:N A:N) with confidentiality impact High; other imp...
CVE-2008-1292
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3)...
CVE-2008-1291
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder...
CVE-2008-1290
ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information...
Debian: Security Advisory (DLA-820-1)
The remote host is missing an update for the Debian...
CVE-2017-5938
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name...
CVE-2017-5938
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name...
UBUNTU-CVE-2017-5938
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name...
CVE-2017-5938
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name...
CVE-2017-5938
CVE-2017-5938 is a Cross-site scripting (XSS) vulnerability in ViewVC’s nav_path function (lib/viewvc.py). Affected: ViewVC versions before 1.0.14 and 1.1.x before 1.1.26. Impact: remote attackers can inject arbitrary JavaScript/HTML via the nav_data name. Mitigation: upgrade to ViewVC 1.1.26 (or...
CVE-2017-5938
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name...
CVE-2017-5938
Removed by vendor...
openSUSE Security Update : viewvc (openSUSE-2017-274)
This update for viewvc to version 1.1.26 fixes the following issues: - viewvc 1.1.26, including one security fix: - CVE-2017-5938: escape nav_data name to avoid XSS attack (boo#1024393) - viewvc 1.1.25: - fix rev2optrev assertion on long input - license is BSD-2-Clause, package LICENSE text - Updat...
Fedora Update for viewvc FEDORA-2017-bd3c3c957f
The remote host is missing an update for the...
Fedora Update for viewvc FEDORA-2017-2bce6ed778
The remote host is missing an update for the...
MGASA-2017-0048 Updated viewvc packages fix security vulnerability
Thomas Gerbet discovered that viewvc, a web interface for CVS and Subversion repositories, did not properly sanitize user input. This problem resulted in a potential Cross-Site Scripting vulnerability (CVE-2017-5938). The viewvc package has been updated to version 1.1.26 which fixes this issue...
Updated viewvc packages fix security vulnerability
Thomas Gerbet discovered that viewvc, a web interface for CVS and Subversion repositories, did not properly sanitize user input. This problem resulted in a potential Cross-Site Scripting vulnerability (CVE-2017-5938). The viewvc package has been updated to version 1.1.26 which fixes this issue...