11 matches found
Debian: Security Advisory (DLA-820-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-5938
Cross-site scripting XSS vulnerability in the navpath function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the navdata name...
CVE-2017-5938
Cross-site scripting XSS vulnerability in the navpath function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the navdata name...
CVE-2017-5938
Cross-site scripting XSS vulnerability in the navpath function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the navdata name...
CVE-2017-5938
CVE-2017-5938 is a Cross-site scripting (XSS) vulnerability in ViewVC’s nav_path function (lib/viewvc.py). Affected: ViewVC versions before 1.0.14 and 1.1.x before 1.1.26. Impact: remote attackers can inject arbitrary JavaScript/HTML via the nav_data name. Mitigation: upgrade to ViewVC 1.1.26 (or...
CVE-2017-5938
Removed by vendor...
openSUSE Security Update : viewvc (openSUSE-2017-274)
This update for viewvc to version 1.1.26 fixes the following issues : - vievwc 1.1.26, including one security fix : - CVE-2017-5938 escape navdata name to avoid XSS attack boo1024393 - vievwc 1.1.25 : - fix rev2optrev assertion on long input - license is BSD-2-Clause, package LICENSE text - Updat...
MGASA-2017-0048 Updated viewvc packages fix security vulnerability
Thomas Gerbet discovered that viewvc, a web interface for CVS and Subversion repositories, did not properly sanitize user input. This problem resulted in a potential Cross-Site Scripting vulnerability CVE-2017-5938. The viewvc package has been updated to version 1.1.26 which fixes this issue...
Debian DSA-3784-1 : viewvc - security update
Thomas Gerbet discovered that viewvc, a web interface for CVS and Subversion repositories, did not properly sanitize user input. This problem resulted in a potential Cross-Site Scripting vulnerability. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...
[SECURITY] [DSA 3784-1] viewvc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3784-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 09, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3784-1] viewvc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3784-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 09, 2017 https://www.debian.org/security/faq -...