20 matches found
CVE-2026-44197
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in...
PYSEC-2026-146
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in...
GHSA-C6WJ-9VCJ-75PJ Wagtail has improper permission handling when comparing revisions
Impact: A CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information. Patches: Patched versions have been released as Wagtail 7.0...
CVE-2023-22464 ViewVC XSS vulnerability in revision view changed path "copyfrom" locations
ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by a...
devel/viewvc-devel is vulnerable to cross-site scripting
C. Michael Pilato reports: security fix: escape revision view copy paths 311 CVE-2023-22464 security fix: escape revision view changed paths 311 CVE-2023-22456...
CVE-2023-22456 ViewVC XSS vulnerability in revision view changed paths
ViewVC, a browser interface for CVS and Subversion version control repositories, has a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository...
GHSA-QJMG-77XH-7MJW Loggerhead XSS via filename
Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view...
Loggerhead XSS via filename
Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view...
MantisBT Information Disclosure Vulnerability (CNVD-2021-00827)
MantisBT is a lightweight, free and open source, web-based defect tracking system. An information disclosure vulnerability exists in MantisBT versions prior to 2.24.4. The vulnerability stems from a failure to check access to bugrevisionviewpage.php correctly. An attacker can exploit the...
CVE-2012-3357
The SVN revision view lib/vclib/svn/svnrepos.py in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak."...
Path traversal
The SVN revision view lib/vclib/svn/svnrepos.py in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak."...
CVE-2011-0728
Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view...
DEBIAN-CVE-2011-0728
Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view...
CVE-2011-0728
Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view...
Cross site scripting
Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view...
CVE-2011-0728
Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view...
CVE-2011-0728
Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view...
SuSE 10 Security Update : Subversion (ZYPP Patch Number 5362)
This update of subversion fixes multiple vulnerabilities. - list CVS or SVN commits on 'all-forbidden' files. CVE-2008-1290 - directly access hidden CVSROOT folders. CVE-2008-1291 - expose restricted content via the revision view, the log history, or the diff view. CVE-2008-1292 ...
GLSA-200803-29 : ViewVC: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200803-29 ViewVC: Multiple vulnerabilities Multiple unspecified errors were reportedly fixed by the ViewVC development team. Impact : A remote attacker could send a specially crafted URL to the server to list CVS or SVN commits on...
Fedora 7 : viewvc-1.0.5-1.fc7 (2008-2143)
These security issues have been fixed: - omit commits of all-forbidden files from query results - disallow direct URL navigation to hidden CVSROOT folder - strip forbidden paths from revision view - don't traverse log history thru forbidden locations - honor forbiddenness via diff view path...