fkie_nvd - fkie_cve-2012-4533

fkie_cve-2012-4533

Vulnerability from fkie_nvd

Published

2012-11-19 00:55

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.

References

URL	Tags
secalert@redhat.com	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691062	Issue Tracking, Mailing List, Third Party Advisory
secalert@redhat.com	http://osvdb.org/86566	Broken Link
secalert@redhat.com	http://secunia.com/advisories/51041	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/51072	Third Party Advisory
secalert@redhat.com	http://viewvc.tigris.org/issues/show_bug.cgi?id=515	Third Party Advisory
secalert@redhat.com	http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.0.13/CHANGES
secalert@redhat.com	http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.16/CHANGES
secalert@redhat.com	http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2792	Third Party Advisory
secalert@redhat.com	http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2794	Third Party Advisory
secalert@redhat.com	http://www.debian.org/security/2012/dsa-2563	Third Party Advisory
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2013:134	Third Party Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/10/21/2	Mailing List, Third Party Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/10/21/3	Mailing List, Third Party Advisory
secalert@redhat.com	http://www.securityfocus.com/bid/56161	Third Party Advisory, VDB Entry
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/79561	Third Party Advisory, VDB Entry
secalert@redhat.com	https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0313	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691062	Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/86566	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/51041	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/51072	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://viewvc.tigris.org/issues/show_bug.cgi?id=515	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.0.13/CHANGES
af854a3a-2127-422b-91ae-364da2661108	http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.16/CHANGES
af854a3a-2127-422b-91ae-364da2661108	http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2792	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2794	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2563	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2013:134	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/10/21/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/10/21/3	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/56161	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/79561	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0313	Third Party Advisory

Impacted products

Vendor	Product	Version
viewvc	viewvc	*
viewvc	viewvc	*
debian	debian_linux	6.0
debian	debian_linux	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:viewvc:viewvc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37BA9607-E687-4720-A24E-7AD9F6C6ABEE",
              "versionEndExcluding": "1.0.13",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:viewvc:viewvc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D1981E5-8550-4B67-8FA2-F98373B03AA0",
              "versionEndExcluding": "1.1.16",
              "versionStartIncluding": "1.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the \"extra\" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the \"function name\" line."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en los detalles \"extra\" en la funci\u00f3n DiffSource._get_row en lib/viewvc.py en ViewVC v1.0.x antes de v1.0.13 y v1.1.x antes de v1.1.16 permite inyectar secuencias de comandos web o HTML a usuarios remotos autenticados con acceso al repositorio de versiones a trav\u00e9s de la l\u00ednea nombre de funci\u00f3n (function name\").\r\n"
    }
  ],
  "id": "CVE-2012-4533",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-11-19T00:55:00.900",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691062"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/86566"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51041"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51072"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://viewvc.tigris.org/issues/show_bug.cgi?id=515"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.0.13/CHANGES"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.16/CHANGES"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2792"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2794"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2012/dsa-2563"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:134"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/10/21/2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/10/21/3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/56161"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79561"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/86566"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51041"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/51072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://viewvc.tigris.org/issues/show_bug.cgi?id=515"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.0.13/CHANGES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.16/CHANGES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev\u0026revision=2794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2012/dsa-2563"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:134"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/10/21/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/10/21/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/56161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79561"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0313"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2012-4533 (GCVE-0-2012-4533)

Vulnerability from cvelistv5

Published

2012-11-19 00:00