CVE-2010-0736

NameCVE-2010-0736
DescriptionCross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs575787

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
viewvc (PTS)buster1.1.26-1fixed
buster (security)1.1.26-1+deb10u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
viewvcsource(unstable)1.1.5-1575787
Search for package or bug name: Reporting problems