CVE-2010-0132
NONE EPSS 81.5%
Published Mar 31, 201016y ago · Modified Jun 16, 20262w ago
Published Mar 31, 2010 16y ago
Last Modified Jun 16, 2026 2w ago
Description
Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736.
Threat Intelligence
EPSS Exploit Probability
81.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 16
| Vendor | Product | Version | Range |
|---|---|---|---|
| viewvc | viewvc | 1.0.0 | any |
| viewvc | viewvc | 1.0.1 | any |
| viewvc | viewvc | 1.0.2 | any |
| viewvc | viewvc | 1.0.3 | any |
| viewvc | viewvc | 1.0.4 | any |
| viewvc | viewvc | 1.0.5 | any |
| viewvc | viewvc | 1.0.6 | any |
| viewvc | viewvc | 1.0.7 | any |
| viewvc | viewvc | 1.0.8 | any |
| viewvc | viewvc | 1.0.9 | any |
| viewvc | viewvc | 1.0.10 | any |
| viewvc | viewvc | 1.1.0 | any |
| viewvc | viewvc | 1.1.1 | any |
| viewvc | viewvc | 1.1.2 | any |
| viewvc | viewvc | 1.1.3 | any |
| viewvc | viewvc | 1.1.4 | any |
References 10
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038420.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038456.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038925.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
- secunia.com http://secunia.com/advisories/38918
- secunia.com http://secunia.com/secunia_research/2010-26/
- viewvc.tigris.org http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2342&r2=2359&pathrev=HEAD
- securityfocus.com http://www.securityfocus.com/archive/1/510408/100/0/threaded
- vupen.com http://www.vupen.com/english/advisories/2010/0743
- vupen.com http://www.vupen.com/english/advisories/2010/0844
Remediation
- vupen.com http://www.vupen.com/english/advisories/2010/0743