CVE-2012-4533
CVE-2012-4533 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line. EPSS estimates a 3.08% chance of exploitation in the next 30 days.
Description
Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| ViewVC | ViewVC | >= 1.0.0, < 1.0.13 |
| ViewVC | ViewVC | >= 1.1.0, < 1.1.16 |
| Debian | Debian Linux | 6.0 |
| Debian | Debian Linux | 7.0 |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691062 (Issue Tracking, Mailing List, Third Party Advisory)
- http://osvdb.org/86566 (Broken Link)
- http://secunia.com/advisories/51041 (Third Party Advisory)
- http://secunia.com/advisories/51072 (Third Party Advisory)
- http://viewvc.tigris.org/issues/show_bug.cgi?id=515 (Third Party Advisory)
- http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2792 (Third Party Advisory)
- http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2794 (Third Party Advisory)
- http://www.debian.org/security/2012/dsa-2563 (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:134 (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2012/10/21/2 (Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2012/10/21/3 (Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/56161 (Third Party Advisory, VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79561 (Third Party Advisory, VDB Entry)
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0313 (Third Party Advisory)
Source: NVD / NIST
