Usvn
Products
2- 7 CVEs
- 3 CVEs
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-17363 | Cri | 0.65 | 9.9 | 0.04 | Dec 31, 2020 | USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069. | ||
| CVE-2020-25069 | Cri | 0.64 | 9.8 | 0.02 | Sep 1, 2020 | USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute arbitrary code in the commit view. | ||
| CVE-2020-25070 | Hig | 0.57 | 8.8 | 0.00 | Sep 1, 2020 | USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the lack of the SameSite Strict feature. | ||
| CVE-2020-17364 | Med | 0.40 | 6.1 | 0.01 | Aug 5, 2020 | USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs. | ||
| CVE-2018-0695 | Med | 0.40 | 6.1 | 0.01 | Nov 15, 2018 | Cross-site scripting vulnerability in User-friendly SVN (USVN) Version 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2024-37879 | Med | 0.24 | 4.8 | 0.00 | Sep 20, 2024 | Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo". | ||
| CVE-2014-4719 | 0.00 | — | 0.01 | Jul 3, 2014 | Cross-site scripting (XSS) vulnerability in the login panel (svn/login/) in User-Friendly SVN (aka USVN) before 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the username field. | |||
| CVE-2007-5945 | 0.00 | — | 0.01 | Nov 14, 2007 | USVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors. |
- risk 0.65cvss 9.9epss 0.04
USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069.
- risk 0.64cvss 9.8epss 0.02
USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute arbitrary code in the commit view.
- risk 0.57cvss 8.8epss 0.00
USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the lack of the SameSite Strict feature.
- risk 0.40cvss 6.1epss 0.01
USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs.
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting vulnerability in User-friendly SVN (USVN) Version 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- risk 0.24cvss 4.8epss 0.00
Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo".
- CVE-2014-4719Jul 3, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the login panel (svn/login/) in User-Friendly SVN (aka USVN) before 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the username field.
- CVE-2007-5945Nov 14, 2007risk 0.00cvss —epss 0.01
USVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors.