Unrated severityNVD Advisory· Published Nov 19, 2012· Updated Apr 29, 2026
CVE-2012-4533
CVE-2012-4533
Description
Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.
Affected products
3cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
16- bugs.debian.org/cgi-bin/bugreport.cginvdIssue TrackingMailing ListThird Party Advisory
- secunia.com/advisories/51041nvdThird Party Advisory
- secunia.com/advisories/51072nvdThird Party Advisory
- viewvc.tigris.org/issues/show_bug.cginvdThird Party Advisory
- viewvc.tigris.org/source/browse/viewvcnvdThird Party Advisory
- viewvc.tigris.org/source/browse/viewvcnvdThird Party Advisory
- www.debian.org/security/2012/dsa-2563nvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.openwall.com/lists/oss-security/2012/10/21/2nvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2012/10/21/3nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/56161nvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/79561nvdThird Party AdvisoryVDB Entry
- wiki.mageia.org/en/Support/Advisories/MGASA-2012-0313nvdThird Party Advisory
- osvdb.org/86566nvdBroken Link
- viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.0.13/CHANGESnvd
- viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.16/CHANGESnvd
News mentions
0No linked articles in our index yet.