CVE-2012-4533

NONE EPSS 86.1%
Published Nov 19, 2012 (13y ago) · Last Modified Jun 16, 2026 (2w ago)

Description

Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.

Threat Intelligence

EPSS Exploit Probability
86.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 4

Vendor    Product         Version    Range
viewvc    viewvc          *          ≥1.0.0 – <1.0.13
viewvc    viewvc          *          ≥1.1.0 – <1.1.16
debian    debian_linux    6.0        any
debian    debian_linux    7.0        any

References 16

  • bugs.debian.org http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691062
    Issue Tracking, Mailing List, Third Party Advisory
  • osvdb.org http://osvdb.org/86566
    Broken Link
  • secunia.com http://secunia.com/advisories/51041
    Third Party Advisory
  • secunia.com http://secunia.com/advisories/51072
    Third Party Advisory
  • viewvc.tigris.org http://viewvc.tigris.org/issues/show_bug.cgi?id=515
    Third Party Advisory
  • viewvc.tigris.org http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.0.13/CHANGES
  • viewvc.tigris.org http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.16/CHANGES
  • viewvc.tigris.org http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2792
    Third Party Advisory
  • viewvc.tigris.org http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2794
    Third Party Advisory
  • debian.org http://www.debian.org/security/2012/dsa-2563
    Third Party Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2013:134
    Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2012/10/21/2
    Mailing List, Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2012/10/21/3
    Mailing List, Third Party Advisory
  • securityfocus.com http://www.securityfocus.com/bid/56161
    Third Party Advisory, VDB Entry
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/79561
    Third Party Advisory, VDB Entry
  • wiki.mageia.org https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0313
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.