CVE-2012-4533 Information

Description

Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691062
http://osvdb.org/86566
http://secunia.com/advisories/51041
http://secunia.com/advisories/51072
http://viewvc.tigris.org/issues/show_bug.cgi?id=515
http://viewvc.tigris.org/source/browse/checkout/viewvc/tags/1.0.13/CHANGES
http://viewvc.tigris.org/source/browse/checkout/viewvc/tags/1.1.16/CHANGES
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2792
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2794
http://www.debian.org/security/2012/dsa-2563
http://www.mandriva.com/security/advisories?name=MDVSA-2013:134
http://www.openwall.com/lists/oss-security/2012/10/21/2
http://www.openwall.com/lists/oss-security/2012/10/21/3
http://www.securityfocus.com/bid/56161
https://exchange.xforce.ibmcloud.com/vulnerabilities/79561
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0313
