Cmpilato

**Name of the Vulnerable Software and Affected Versions** ViewVC versions prior to 1.0.14 ViewVC versions 1.1.x prior to 1.1.26 **Description** A cross-site scripting (XSS) issue exists in the nav path function in lib/viewvc.py, allowing remote attackers to inject arbitrary web script or HTML via the `nav data` name. **Recommendations** For versions prior to 1.0.14, update to version 1.0.14 or later. For versions 1.1.x prior to 1.1.26, update to version 1.1.26 or later.