ViewVC · ViewVC · CVE-2012-4533
**Name of the Vulnerable Software and Affected Versions**
ViewVC versions 1.0.x through 1.0.12
ViewVC versions 1.1.x through 1.1.15
**Description**
The issue allows remote authenticated users with repository commit access to inject arbitrary web script or HTML. This can be achieved via the "function name" line in the `extra` details in the `DiffSource._get_row` function in `lib/viewvc.py`. The vulnerability may lead to a breach of protected information and can be exploited remotely.
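The flaw class described above, shown as an added example that is not ViewVC's own code: a simplified renderer that takes the trailing "function name" text of a unified-diff hunk header and writes it into an HTML row, first unescaped and then escaped at output. The names `parse_hunk_header`, `render_unsafe`, `render_safe`, the `ROW` template and the sample header are all assumptions made for illustration.

```python
import html
import re

# Unified-diff hunk header: "@@ -start,len +start,len @@ trailing text".
# Tools such as `diff -p` put the enclosing function's name in the trailing
# text. It is copied from committed file content, so treat it as untrusted.
HUNK_RE = re.compile(r"^@@ -(\d+)(?:,\d+)? \+(\d+)(?:,\d+)? @@ ?(.*)$")

# Hypothetical row template, not ViewVC's markup.
ROW = '<tr class="hunk"><td>Line {old}</td><td>Line {new}</td><td>{extra}</td></tr>'


def parse_hunk_header(line):
    """Return (old_start, new_start, extra), or None for non-header lines."""
    m = HUNK_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2)), m.group(3)


def render_unsafe(line):
    """Flawed pattern: committer-controlled 'extra' goes into HTML as-is."""
    parsed = parse_hunk_header(line)
    if parsed is None:
        return None
    old, new, extra = parsed
    return ROW.format(old=old, new=new, extra=extra)


def render_safe(line):
    """Hardened pattern: HTML-escape 'extra' at the point of output."""
    parsed = parse_hunk_header(line)
    if parsed is None:
        return None
    old, new, extra = parsed
    return ROW.format(old=old, new=new, extra=html.escape(extra, quote=True))


# Constructed hunk header; the markup is a harmless stand-in for injected HTML.
SAMPLE = "@@ -10,7 +10,8 @@ <i>not_a_function</i> int main(void)"

if __name__ == "__main__":
    print(render_unsafe(SAMPLE))  # markup reaches the page intact
    print(render_safe(SAMPLE))    # markup is shown as literal text
```
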
**Recommendations**
For ViewVC versions 1.0.x through 1.0.12, update to version 1.0.13 or later.
For ViewVC versions 1.1.x through 1.1.15, update to version 1.1.16 or later.