CVE-2012-4533

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-4533
Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691062 Mailing List Issue Tracking Third Party Advisory
http://osvdb.org/86566 Broken Link
http://secunia.com/advisories/51041 Third Party Advisory
http://secunia.com/advisories/51072 Third Party Advisory
http://viewvc.tigris.org/issues/show_bug.cgi?id=515 Third Party Advisory
http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.0.13/CHANGES
http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.16/CHANGES
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2792 Third Party Advisory
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2794 Third Party Advisory
http://www.debian.org/security/2012/dsa-2563 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:134 Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/10/21/2 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/10/21/3 Mailing List Third Party Advisory
http://www.securityfocus.com/bid/56161 Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/79561 Third Party Advisory VDB Entry
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0313 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:viewvc:viewvc:*:*:*:*:*:*:*:*
cpe:2.3:a:viewvc:viewvc:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
History

13 Feb 2023, 00:26

Type Values Removed Values Added
References
  • {'url': 'http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.0.13/CHANGES', 'name': 'http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.0.13/CHANGES', 'tags': ['Third Party Advisory'], 'refsource': 'CONFIRM'}
  • {'url': 'http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.16/CHANGES', 'name': 'http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.16/CHANGES', 'tags': ['Third Party Advisory'], 'refsource': 'CONFIRM'}
  • (MISC) http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.0.13/CHANGES -
  • (MISC) http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.16/CHANGES -
References (MISC) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691062 - Issue Tracking, Mailing List, Third Party Advisory (MISC) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691062 - Mailing List, Issue Tracking, Third Party Advisory
Information

Published : 2012-11-19 00:55

Updated : 2023-12-10 11:16

NVD link : CVE-2012-4533

Mitre link : CVE-2012-4533

CVE.ORG link : CVE-2012-4533

JSON object : View

Products Affected

debian

  • debian_linux

viewvc

  • viewvc
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')