CVE-2012-4533

ViewVC <1.0.13, <1.1.16 - XSS

Description

Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.

Scores

EPSS 0.0091
EPSS Percentile 75.6%

Details

CWE
CWE-79
Status published
Products (4)
viewvc/viewvc < 1.0.13
debian/debian_linux
debian/debian_linux
n/a/n/a
Published Nov 19, 2012
Tracked Since Feb 18, 2026