Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2012-4533
Last Modified 11 Feb 2014 11:39:38
Published 18 Nov 2012 07:55:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4533

Summary

Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.

Vulnerable Systems

Application

  • Viewvc 1.0.0

  • Viewvc 1.0.1

  • Viewvc 1.0.10

  • Viewvc 1.0.11

  • Viewvc 1.0.12

  • Viewvc 1.0.2

  • Viewvc 1.0.3

  • Viewvc 1.0.4

  • Viewvc 1.0.5

  • Viewvc 1.0.6

  • Viewvc 1.0.7

  • Viewvc 1.0.8

  • Viewvc 1.0.9

  • Viewvc 1.1.0

  • Viewvc 1.1.1

  • Viewvc 1.1.10

  • Viewvc 1.1.11

  • Viewvc 1.1.12

  • Viewvc 1.1.13

  • Viewvc 1.1.14

  • Viewvc 1.1.15

  • Viewvc 1.1.2

  • Viewvc 1.1.3

  • Viewvc 1.1.4

  • Viewvc 1.1.5

  • Viewvc 1.1.6

  • Viewvc 1.1.7

  • Viewvc 1.1.8

  • Viewvc 1.1.9


References

XF - viewvc-viewvc-checkins-xss(79561)

BID - 56161

MLIST - [oss-security] 20121020 Re: CVE Request: viewvc 1.1.5 lib/viewvc.py XSS

MLIST - [oss-security] 20121020 CVE Request: viewvc 1.1.5 lib/viewvc.py XSS

DEBIAN - DSA-2563

CONFIRM - http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2794

CONFIRM - http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2792

CONFIRM - http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.16/CHANGES

CONFIRM - http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.0.13/CHANGES

CONFIRM - http://viewvc.tigris.org/issues/show_bug.cgi?id=515

SECUNIA - 51072

SECUNIA - 51041

OSVDB - 86566

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691062

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0313

MANDRIVA - MDVSA-2013:134


Last Updated: 27 May 2016 10:55:05