CVE-2010-0132: XSS
First published: Wed Mar 31 2010(Updated: )
Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736.
Credit: PSIRT-CNA@flexerasoftware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ViewVC | =1.0.2 | |
| ViewVC | =1.0.1 | |
| ViewVC | =1.0.5 | |
| ViewVC | =1.1.2 | |
| ViewVC | =1.0.9 | |
| ViewVC | =1.1.0 | |
| ViewVC | =1.1.1 | |
| ViewVC | =1.1.4 | |
| ViewVC | =1.0.3 | |
| ViewVC | =1.0.4 | |
| ViewVC | =1.0.6 | |
| ViewVC | =1.0.8 | |
| ViewVC | =1.0.10 | |
| ViewVC | =1.0.0 | |
| ViewVC | =1.0.7 | |
| ViewVC | =1.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/secunia_research/2010-26/
- http://secunia.com/advisories/38918
- http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2342&r2=2359&pathrev=HEAD
- http://www.vupen.com/english/advisories/2010/0743
- http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038420.html
- http://www.vupen.com/english/advisories/2010/0844
- http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038925.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038456.html
- http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
- http://www.securityfocus.com/archive/1/510408/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2010-0132?
CVE-2010-0132 is classified as a medium-severity cross-site scripting vulnerability.
How do I fix CVE-2010-0132?
To fix CVE-2010-0132, upgrade ViewVC to version 1.1.5 or 1.0.11 or later.
What versions of ViewVC are affected by CVE-2010-0132?
CVE-2010-0132 affects ViewVC versions 1.0.0 to 1.0.10 and versions 1.1.0 to 1.1.4.
What type of vulnerability is CVE-2010-0132?
CVE-2010-0132 is a cross-site scripting (XSS) vulnerability.
Can CVE-2010-0132 be exploited remotely?
Yes, CVE-2010-0132 can be exploited remotely by attackers through the attacked application.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/viewvc
- canonical/viewvc
- version/viewvc/1.0.2
- version/viewvc/1.0.1
- version/viewvc/1.0.5
- version/viewvc/1.1.2
- version/viewvc/1.0.9
- version/viewvc/1.1.0
- version/viewvc/1.1.1
- version/viewvc/1.1.4
- version/viewvc/1.0.3
- version/viewvc/1.0.4
- version/viewvc/1.0.6
- version/viewvc/1.0.8
- version/viewvc/1.0.10
- version/viewvc/1.0.0
- version/viewvc/1.0.7
- version/viewvc/1.1.3