Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
7 vulnerabilities by websvn
CVE-2011-2195 (GCVE-0-2011-2195)
Vulnerability from cvelistv5 – Published: 2021-10-26 12:10 – Updated: 2024-08-06 22:53
VLAI
Summary
A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument to execute arbitrary commands against the underlying operating system.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://seclists.org/bugtraq/2011/Jun/34 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:53:17.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2011/Jun/34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "websvn",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "websvn 2.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in WebSVN 2.3.2. Without prior authentication, if the \u0027allowDownload\u0027 option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed \u0027path\u0027 argument to execute arbitrary commands against the underlying operating system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-26T12:10:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2011/Jun/34"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "websvn",
"version": {
"version_data": [
{
"version_value": "websvn 2.3.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in WebSVN 2.3.2. Without prior authentication, if the \u0027allowDownload\u0027 option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed \u0027path\u0027 argument to execute arbitrary commands against the underlying operating system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/bugtraq/2011/Jun/34",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2011/Jun/34"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2195",
"datePublished": "2021-10-26T12:10:00.000Z",
"dateReserved": "2011-05-31T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:53:17.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32305 (GCVE-0-2021-32305)
Vulnerability from cvelistv5 – Published: 2021-05-18 16:11 – Updated: 2024-08-03 23:17
VLAI
Summary
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/websvnphp/websvn/pull/142 | x_refsource_MISC |
| http://packetstormsecurity.com/files/163225/Websv… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:29.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/websvnphp/websvn/pull/142"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163225/Websvn-2.6.0-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-22T20:06:14.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/websvnphp/websvn/pull/142"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163225/Websvn-2.6.0-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/websvnphp/websvn/pull/142",
"refsource": "MISC",
"url": "https://github.com/websvnphp/websvn/pull/142"
},
{
"name": "http://packetstormsecurity.com/files/163225/Websvn-2.6.0-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163225/Websvn-2.6.0-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32305",
"datePublished": "2021-05-18T16:11:10.000Z",
"dateReserved": "2021-05-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:17:29.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1236 (GCVE-0-2016-1236)
Vulnerability from cvelistv5 – Published: 2016-05-11 21:00 – Updated: 2024-08-05 22:48
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in a repository.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2016/0… | mailing-listx_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=1333673 | x_refsource_CONFIRM |
| http://www.debian.org/security/2016/dsa-3572 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2016-05-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160506 CVE-2016-1236 - XSS Vulnerability in websvn 2.3.3-1.2+deb8u1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/05/22"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333673"
},
{
"name": "DSA-3572",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3572"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in a repository."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-05-11T20:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "[oss-security] 20160506 CVE-2016-1236 - XSS Vulnerability in websvn 2.3.3-1.2+deb8u1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/05/22"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333673"
},
{
"name": "DSA-3572",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3572"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-1236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in a repository."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160506 CVE-2016-1236 - XSS Vulnerability in websvn 2.3.3-1.2+deb8u1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/05/22"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1333673",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333673"
},
{
"name": "DSA-3572",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3572"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-1236",
"datePublished": "2016-05-11T21:00:00.000Z",
"dateReserved": "2015-12-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:48:13.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2511 (GCVE-0-2016-2511)
Vulnerability from cvelistv5 – Published: 2016-04-07 21:00 – Updated: 2024-08-05 23:32
VLAI
Summary
Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/135886/WebSV… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.debian.org/security/2016/dsa-3490 | vendor-advisoryx_refsource_DEBIAN |
| http://seclists.org/fulldisclosure/2016/Feb/99 | mailing-listx_refsource_FULLDISC |
Date Public
2016-02-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:20.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135886/WebSVN-2.3.3-Cross-Site-Scripting.html"
},
{
"name": "FEDORA-2016-657a1305aa",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179168.html"
},
{
"name": "DSA-3490",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3490"
},
{
"name": "20160222 Vulnerability in WebSVN 2.3.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/99"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135886/WebSVN-2.3.3-Cross-Site-Scripting.html"
},
{
"name": "FEDORA-2016-657a1305aa",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179168.html"
},
{
"name": "DSA-3490",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3490"
},
{
"name": "20160222 Vulnerability in WebSVN 2.3.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/99"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/135886/WebSVN-2.3.3-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135886/WebSVN-2.3.3-Cross-Site-Scripting.html"
},
{
"name": "FEDORA-2016-657a1305aa",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179168.html"
},
{
"name": "DSA-3490",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3490"
},
{
"name": "20160222 Vulnerability in WebSVN 2.3.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Feb/99"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2511",
"datePublished": "2016-04-07T21:00:00.000Z",
"dateReserved": "2016-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:32:20.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6892 (GCVE-0-2013-6892)
Vulnerability from cvelistv5 – Published: 2015-01-21 18:00 – Updated: 2024-08-06 17:53
VLAI
Summary
WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/62233 | third-party-advisoryx_refsource_SECUNIA |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_MISC |
| http://www.debian.org/security/2015/dsa-3137 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2015-01-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62233"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775682"
},
{
"name": "DSA-3137",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3137"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-13T15:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "62233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62233"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775682"
},
{
"name": "DSA-3137",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3137"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62233"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775682",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775682"
},
{
"name": "DSA-3137",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3137"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6892",
"datePublished": "2015-01-21T18:00:00.000Z",
"dateReserved": "2013-11-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:53:45.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-5221 (GCVE-0-2011-5221)
Vulnerability from cvelistv5 – Published: 2012-10-25 17:00 – Updated: 2024-08-07 00:30
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the getLog function in svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to (1) comp.php, (2) diff.php, or (3) revision.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/51109 | vdb-entryx_refsource_BID |
| http://websvn.tigris.org/issues/show_bug.cgi?id=275 | x_refsource_CONFIRM |
| http://osvdb.org/77942 | vdb-entryx_refsource_OSVDB |
| http://st2tea.blogspot.com/2011/12/websvn-cross-s… | x_refsource_MISC |
| http://www.securitytracker.com/id?1026438 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/47288 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/77941 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/77943 | vdb-entryx_refsource_OSVDB |
Date Public
2011-12-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:30:46.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51109",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51109"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://websvn.tigris.org/issues/show_bug.cgi?id=275"
},
{
"name": "77942",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/77942"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://st2tea.blogspot.com/2011/12/websvn-cross-site-scripting.html"
},
{
"name": "1026438",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026438"
},
{
"name": "47288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47288"
},
{
"name": "77941",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/77941"
},
{
"name": "websvn-path-xss(71888)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71888"
},
{
"name": "77943",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/77943"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-12-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the getLog function in svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to (1) comp.php, (2) diff.php, or (3) revision.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "51109",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51109"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://websvn.tigris.org/issues/show_bug.cgi?id=275"
},
{
"name": "77942",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/77942"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://st2tea.blogspot.com/2011/12/websvn-cross-site-scripting.html"
},
{
"name": "1026438",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026438"
},
{
"name": "47288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47288"
},
{
"name": "77941",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/77941"
},
{
"name": "websvn-path-xss(71888)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71888"
},
{
"name": "77943",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/77943"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the getLog function in svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to (1) comp.php, (2) diff.php, or (3) revision.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51109",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51109"
},
{
"name": "http://websvn.tigris.org/issues/show_bug.cgi?id=275",
"refsource": "CONFIRM",
"url": "http://websvn.tigris.org/issues/show_bug.cgi?id=275"
},
{
"name": "77942",
"refsource": "OSVDB",
"url": "http://osvdb.org/77942"
},
{
"name": "http://st2tea.blogspot.com/2011/12/websvn-cross-site-scripting.html",
"refsource": "MISC",
"url": "http://st2tea.blogspot.com/2011/12/websvn-cross-site-scripting.html"
},
{
"name": "1026438",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026438"
},
{
"name": "47288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47288"
},
{
"name": "77941",
"refsource": "OSVDB",
"url": "http://osvdb.org/77941"
},
{
"name": "websvn-path-xss(71888)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71888"
},
{
"name": "77943",
"refsource": "OSVDB",
"url": "http://osvdb.org/77943"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-5221",
"datePublished": "2012-10-25T17:00:00.000Z",
"dateReserved": "2012-10-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:30:46.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3056 (GCVE-0-2007-3056)
Vulnerability from cvelistv5 – Published: 2007-06-06 01:00 – Updated: 2024-08-07 14:05
VLAI
Summary
Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://bugs.gentoo.org/show_bug.cgi?id=180879 | x_refsource_MISC |
| http://www.securityfocus.com/bid/24310 | vdb-entryx_refsource_BID |
| http://osvdb.org/36409 | vdb-entryx_refsource_OSVDB |
| http://websvn.tigris.org/servlets/ReadMsg?list=de… | x_refsource_CONFIRM |
| http://secunia.com/advisories/25532 | third-party-advisoryx_refsource_SECUNIA |
| http://www.attrition.org/pipermail/vim/2007-Augus… | mailing-listx_refsource_VIM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.nabble.com/CVE-2007-3056-tf4246678.html | x_refsource_CONFIRM |
| http://securitytracker.com/id?1018601 | vdb-entryx_refsource_SECTRACK |
Date Public
2007-06-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:27.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=180879"
},
{
"name": "24310",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24310"
},
{
"name": "36409",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36409"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://websvn.tigris.org/servlets/ReadMsg?list=dev\u0026msgNo=1328"
},
{
"name": "25532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25532"
},
{
"name": "20070823 ACK for CVE-2007-3056 (WebSVN)",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-August/001771.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=180879"
},
{
"name": "websvn-filedetails-xss(34726)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34726"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.nabble.com/CVE-2007-3056-tf4246678.html"
},
{
"name": "1018601",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=180879"
},
{
"name": "24310",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24310"
},
{
"name": "36409",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36409"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://websvn.tigris.org/servlets/ReadMsg?list=dev\u0026msgNo=1328"
},
{
"name": "25532",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25532"
},
{
"name": "20070823 ACK for CVE-2007-3056 (WebSVN)",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-August/001771.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=180879"
},
{
"name": "websvn-filedetails-xss(34726)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34726"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.nabble.com/CVE-2007-3056-tf4246678.html"
},
{
"name": "1018601",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=180879",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=180879"
},
{
"name": "24310",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24310"
},
{
"name": "36409",
"refsource": "OSVDB",
"url": "http://osvdb.org/36409"
},
{
"name": "http://websvn.tigris.org/servlets/ReadMsg?list=dev\u0026msgNo=1328",
"refsource": "CONFIRM",
"url": "http://websvn.tigris.org/servlets/ReadMsg?list=dev\u0026msgNo=1328"
},
{
"name": "25532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25532"
},
{
"name": "20070823 ACK for CVE-2007-3056 (WebSVN)",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-August/001771.html"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=180879",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=180879"
},
{
"name": "websvn-filedetails-xss(34726)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34726"
},
{
"name": "http://www.nabble.com/CVE-2007-3056-tf4246678.html",
"refsource": "CONFIRM",
"url": "http://www.nabble.com/CVE-2007-3056-tf4246678.html"
},
{
"name": "1018601",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3056",
"datePublished": "2007-06-06T01:00:00.000Z",
"dateReserved": "2007-06-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:05:27.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}