Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-22464

Опубликовано: 04 янв. 2023
Источник: nvd
CVSS3: 5.4
EPSS Низкий

Описание

ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. Users should update to at least version 1.2.3 (if they are using a 1.2.x version of ViewVC) or 1.1.30 (if they are using a 1.1.x version).

ViewVC 1.0.x is no longer supported, so users of that release lineage should implement one of the following workarounds. Users can edit their ViewVC EZT view templates to manually HTML-escape changed path "copyfrom paths" during rendering. Locate in your template set's revision.ezt file references to those changed paths, and wrap

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:viewvc:viewvc:*:*:*:*:*:*:*:*
Версия до 1.1.30 (исключая)
cpe:2.3:a:viewvc:viewvc:*:*:*:*:*:*:*:*
Версия от 1.2.0 (включая) до 1.2.3 (исключая)

EPSS

Процентиль: 77%
0.0101
Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79
CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2023-22464

CVSS3: 5.4
ubuntu
около 3 лет назад

ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. Users should update to at least version 1.2.3 (if they are using a 1.2.x version of ViewVC) or 1.1.30 (if they are using a 1.1.x version). ViewVC 1.0.x is no longer supported, so users of that release lineage should implement one of the following workarounds. Users can edit their ViewVC EZT view templates to manually HTML-escape changed path "copyfrom paths" during rendering. Locate in your template set's `revision.ezt` file references to those changed paths, and wr...

debian логотип

CVE-2023-22464

CVSS3: 5.4
debian
около 3 лет назад

ViewVC is a browser interface for CVS and Subversion version control r ...

EPSS

Процентиль: 77%
0.0101
Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79
CWE-79