NVD

Id
12282  
Name
CVE-2010-0736  
Description
Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input."  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-18  
Published
2010-03-19  
Modified Date
2010-03-22  
Seq
2010-0736  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
67600 12282 CVE-2010-0736 http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2313&r2=2342&pathrev=HEAD  View
67601 12282 CVE-2010-0736 http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2326  View
67602 12282 CVE-2010-0736 [oss-security] 20100310 CVE Request: ViewVC 1.1.4 / 1.0.10 -- XSS via user-provided query form input  View
67603 12282 CVE-2010-0736 [oss-security] 20100316 Re: CVE Request: ViewVC 1.1.4 / 1.0.10 -- XSS via user-provided query form input  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
39502 JVNDB-2010-005287 ViewVC の lib/viewvc.py におけるクロスサイトスクリプティングの脆弱性 ViewVC の lib/viewvc.py の view_queryform 関数には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2010-0736 43316 CVE-2010-0736 12282 4.3 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-005287.html 2010-02-10 2012-12-20 View