viewvc
DevTools & CI | oss-project
Latest CVEs
The 15 most recently published vulnerabilities affecting viewvc.
- CVE-2025-54141: ViewVC's standalone server exposes arbitrary server filesystem content (score 7.5)
- CVE-2023-22464: ViewVC XSS vulnerability in revision view changed path "copyfrom" locations (score 5.4)
- CVE-2023-22456: ViewVC XSS vulnerability in revision view changed paths (score 6.1)
- CVE-2020-5283: XSS vulnerability in CVS show_subdir_lastmod support (score 3.1)
- CVE-2007-5743: viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option. (score 7.5)
- CVE-2017-5938: Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via... (score 6.1)
- CVE-2012-4533: Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticate... (score 4.3)
- CVE-2012-3357: The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attacker... (score 5.0)
- CVE-2012-3356: The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions vi... (score 5.0)
- CVE-2009-5024: ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by ... (score 5.0)
- CVE-2010-0132: Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary w... (score 2.6)
- CVE-2010-0736: Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or H... (score 4.3)
- CVE-2010-0005: query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access... (score 7.5)
- CVE-2010-0004: ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view. (score 5.0)
- CVE-2009-3619: Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to "printing illegal parameter names and values." (score 5.0)