CVE-2010-0132

Viewvc - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736.

References (10)

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html

[Vendor Advisory] http://secunia.com/advisories/38918

[Vendor Advisory] http://secunia.com/secunia_research/2010-26/

[Various Sources] http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2342&r2=2359&pathrev=HEAD

[Patch, Vendor Advisory] http://www.vupen.com/english/advisories/2010/0743

[Third Party Advisory] http://www.vupen.com/english/advisories/2010/0844

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/510408/100/0/threaded

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038420.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038456.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038925.html

Scores

EPSS 0.0060

EPSS Percentile 69.3%

Classification

CWE

CWE-79

Status published

Affected Products (17)

viewvc/viewvc

viewvc/viewvc

viewvc/viewvc

viewvc/viewvc

viewvc/viewvc

viewvc/viewvc

viewvc/viewvc

viewvc/viewvc

viewvc/viewvc

viewvc/viewvc

viewvc/viewvc

viewvc/viewvc

viewvc/viewvc

viewvc/viewvc

viewvc/viewvc

... and 2 more

Timeline

Published Mar 31, 2010

Tracked Since Feb 18, 2026