Websvn@* Security Vulnerabilities and Issues — Websvn@* CVE List

Lucene search

WebsvnWebsvn*

6 matches found

CVE•added 2021/05/18 5:15 p.m.•277 views

CVE-2021-32305

WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.

10CVSS9.6AI score0.93293EPSS

In wildWeb

CVE•added 2016/05/11 9:59 p.m.•56 views

CVE-2016-1236

Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in a repository.

6.1CVSS5.9AI score0.00294EPSS

CVE•added 2016/04/07 9:59 p.m.•54 views

CVE-2016-2511

Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php.

6.1CVSS5.9AI score0.00388EPSS

Web

CVE•added 2012/10/25 5:55 p.m.•45 views

CVE-2011-5221

Cross-site scripting (XSS) vulnerability in the getLog function in svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to (1) comp.php, (2) diff.php, or (3) revision.php.

4.3CVSS5.8AI score0.00647EPSS

CVE•added 2007/06/06 1:30 a.m.•38 views

CVE-2007-3056

Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter.

4.3CVSS5.8AI score0.00792EPSS

CVE•added 2021/10/26 1:15 p.m.•33 views

CVE-2011-2195

A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument to execute arbitrary commands against the underlying operating system.

9.8CVSS9.6AI score0.03419EPSS