CVE-2012-4533 — MEDIUM (4.3)

Q: How severe is CVE-2012-4533?

CVE-2012-4533 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-4533?

Check the references section above for vendor advisories and patch information. Affected products include: Viewvc Viewvc, Debian Debian Linux.

Vulnerability Description

Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Viewvc	Viewvc	>= 1.0.0, < 1.0.13
Debian	Debian Linux	6.0

Related Weaknesses (CWE)

CWE-79

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691062Issue TrackingMailing ListThird Party Advisory
http://osvdb.org/86566Broken Link
http://secunia.com/advisories/51041Third Party Advisory
http://secunia.com/advisories/51072Third Party Advisory
http://viewvc.tigris.org/issues/show_bug.cgi?id=515Third Party Advisory
http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.0.13/CHANGES
http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.16/CHANGES
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2792Third Party Advisory
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2794Third Party Advisory
http://www.debian.org/security/2012/dsa-2563Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:134Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/10/21/2Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2012/10/21/3Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/56161Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/79561Third Party AdvisoryVDB Entry

FAQ

What is CVE-2012-4533?

CVE-2012-4533 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated u...

How severe is CVE-2012-4533?

CVE-2012-4533 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-4533?

Check the references section above for vendor advisories and patch information. Affected products include: Viewvc Viewvc, Debian Debian Linux.