CVE-2010-0132

NONE EPSS 81.5%
Published Mar 31, 201016y ago · Modified Jun 16, 20262w ago
Find Similar
Published Mar 31, 2010 16y ago
Last Modified Jun 16, 2026 2w ago

Description

Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736.

Threat Intelligence

EPSS Exploit Probability
81.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 16

VendorProductVersionRange
viewvcviewvc1.0.0any
viewvcviewvc1.0.1any
viewvcviewvc1.0.2any
viewvcviewvc1.0.3any
viewvcviewvc1.0.4any
viewvcviewvc1.0.5any
viewvcviewvc1.0.6any
viewvcviewvc1.0.7any
viewvcviewvc1.0.8any
viewvcviewvc1.0.9any
viewvcviewvc1.0.10any
viewvcviewvc1.1.0any
viewvcviewvc1.1.1any
viewvcviewvc1.1.2any
viewvcviewvc1.1.3any
viewvcviewvc1.1.4any

References 10

  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038420.html
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038456.html
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038925.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
  • secunia.com http://secunia.com/advisories/38918
    Vendor Advisory
  • secunia.com http://secunia.com/secunia_research/2010-26/
    Vendor Advisory
  • viewvc.tigris.org http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2342&r2=2359&pathrev=HEAD
  • securityfocus.com http://www.securityfocus.com/archive/1/510408/100/0/threaded
  • vupen.com http://www.vupen.com/english/advisories/2010/0743
    PatchVendor Advisory
  • vupen.com http://www.vupen.com/english/advisories/2010/0844

Remediation

  • vupen.com http://www.vupen.com/english/advisories/2010/0743
    PatchVendor Advisory