Home > Vulnerability Database > CVE-2012-4533

Mend.io Vulnerability Database

CVE-2012-4533

Date: November 18, 2012

Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.

Language: Python

Severity Score

3.7

Related Resources (19)

Url: http://secunia.com/advisories/51072

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2012-4533

Url: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2794

Url: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2792

Url: http://www.debian.org/security/2012/dsa-2563

Url: http://secunia.com/advisories/51041

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2013:134

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-4533

Url: http://www.securityfocus.com/bid/56161

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/79561

Url: http://www.openwall.com/lists/oss-security/2012/10/21/3

Url: http://www.openwall.com/lists/oss-security/2012/10/21/2

Url: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691062

Url: http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.16/CHANGES

Url: http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.0.13/CHANGES

Url: http://viewvc.tigris.org/issues/show_bug.cgi?id=515

Url: http://osvdb.org/86566

Url: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0313

Url: https://www.mend.io/vulnerability-database/CVE-2012-4533

Severity Score

3.7

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-4533

Date: November 18, 2012

Language: Python

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?