PT-2011-1048 · Viewvc · Viewvc

Nicolás Alvarez · Published 2011-05-23 · Updated 2023-02-13 · CVE-2012-4533

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ViewVC versions 1.0.x through 1.0.12
ViewVC versions 1.1.x through 1.1.15

Description

The issue allows remote authenticated users with repository commit access to inject arbitrary web script or HTML. The injection point is the "function name" line, which appears in the "extra" details handled by the DiffSource._get_row function in lib/viewvc.py. The vulnerability may lead to a breach of protected information and can be exploited remotely.

Recommendations

For ViewVC versions 1.0.x through 1.0.12, update to version 1.0.13 or later.
For ViewVC versions 1.1.x through 1.1.15, update to version 1.1.16 or later.
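
The class of flaw described above, shown as an added Python example that is not ViewVC's code or its patch: the text after the second "@@" of a unified-diff hunk header (the function name line) comes from committed content, so it must be HTML-escaped when rendered. The row markup, the function names and the sample header are assumptions made for illustration.

```python
import html
import re
from html.parser import HTMLParser

# Unified-diff hunk header: "@@ -a,b +c,d @@ extra". With `diff -p` the extra
# text is the enclosing function name line, i.e. content a committer controls.
HUNK_RE = re.compile(r"^@@ -(\d+)(?:,\d+)? \+(\d+)(?:,\d+)? @@ ?(.*)$")

# Constructed sample input (not taken from a real repository).
SAMPLE = "@@ -10,7 +10,8 @@ void f() { /* <script>alert(1)</script> */ }"


def parse_hunk_header(line):
    """Return (old_start, new_start, extra), or None if not a hunk header."""
    m = HUNK_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2)), m.group(3)


def render_header(line, escape=True):
    """Render a hunk header as a table row (hypothetical markup).

    escape=False reproduces the class of bug: repository text reaches the
    page as markup. escape=True encodes it at the output boundary.
    """
    parsed = parse_hunk_header(line)
    if parsed is None:
        raise ValueError("not a unified-diff hunk header")
    old, new, extra = parsed
    if escape:
        extra = html.escape(extra, quote=True)
    return "<tr><th>%d</th><th>%d</th><td>%s</td></tr>" % (old, new, extra)


class _Tags(HTMLParser):
    def __init__(self):
        super().__init__()
        self.seen = []

    def handle_starttag(self, tag, attrs):
        self.seen.append(tag)


def tags_in(fragment):
    """List the start tags an HTML parser finds; use as a regression check."""
    p = _Tags()
    p.feed(fragment)
    p.close()
    return p.seen
```

Running tags_in over rendered diff output in a test suite flags any element other than the renderer's own table tags, which catches a regression if escaping is dropped.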

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2015-03044
CVE-2012-4533
DSA-2563-1

Affected Products

Viewvc