CVE-2023-22464

ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by a...

CVE-2010-0005

query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query...

CVE-2010-0004

ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view...

CVE-2008-4325

lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the requested object. NOTE:...

OPENSUSE-SU-2024:10175-1 viewvc-1.1.24-2.1 on GA media

These are all security issues fixed in the viewvc-1.1.24-2.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:12857-1 viewvc-1.3.0~dev20230104-1.1 on GA media

These are all security issues fixed in the viewvc-1.3.0dev20230104-1.1 package on the GA media of openSUSE Tumbleweed...

Mageia: Security Advisory (MGASA-2023-0019)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2008-1292

ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading 1 forbidden pathnames in the revision view, 2 log history that can only be reached by traversing a forbidden object, or 3...

SUSE CVE-2008-1291

ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder...

SUSE CVE-2009-3618

Cross-site scripting XSS vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained from third party information...

SUSE CVE-2009-3619

Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to "printing illegal parameter names and values."...

SUSE CVE-2009-5024

ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb rowlimit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request...

SUSE CVE-2010-0005

query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query...

SUSE CVE-2010-0132

Cross-site scripting XSS vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "searchre input," a different vulnerability than CVE-2010-073...

SUSE CVE-2010-0736

Cross-site scripting XSS vulnerability in the viewqueryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input."...

SUSE CVE-2012-3356

The remote SVN views functionality lib/vclib/svn/svnra.py in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors...

SUSE CVE-2012-4533

Cross-site scripting XSS vulnerability in the "extra" details in the DiffSource.getrow function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" lin...

SUSE CVE-2017-5938

Cross-site scripting XSS vulnerability in the navpath function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the navdata name...

SUSE CVE-2020-5283

ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS showsubdirlastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the...

SUSE CVE-2023-22456

ViewVC, a browser interface for CVS and Subversion version control repositories, as a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository...