CVE-2012-4533

Source
https://nvd.nist.gov/vuln/detail/CVE-2012-4533
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2012-4533.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2012-4533
Related
Withdrawn
2024-06-30T13:40:12.273159Z
Published
2012-11-19T00:55:00Z
Modified
2024-04-11T07:40:48Z
Downstream
Summary
[none]
Details

Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource.getrow function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.

References

Affected packages

Debian:10 / viewvc

Package

Name
viewvc
Purl
pkg:deb/debian/viewvc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.5-1.4

Ecosystem specific

{
    "urgency": "low"
}