{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-03-30T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to \"search_re input,\" a different vulnerability than CVE-2010-0736."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"name": "20100330 Secunia Research: ViewVC Regular Expression Search Cross-Site Scripting", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/510408/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2342&r2=2359&pathrev=HEAD"}, {"name": "FEDORA-2010-5524", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038456.html"}, {"name": "FEDORA-2010-5507", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038420.html"}, {"name": "SUSE-SR:2010:009", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2010-26/"}, {"name": "FEDORA-2010-5805", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038925.html"}, {"name": "38918", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38918"}, {"name": "ADV-2010-0844", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0844"}, {"name": "ADV-2010-0743", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0743"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2010-0132", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to \"search_re input,\" a different vulnerability than CVE-2010-0736."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20100330 Secunia Research: ViewVC Regular Expression Search Cross-Site Scripting", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/510408/100/0/threaded"}, {"name": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2342&r2=2359&pathrev=HEAD", "refsource": "CONFIRM", "url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2342&r2=2359&pathrev=HEAD"}, {"name": "FEDORA-2010-5524", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038456.html"}, {"name": "FEDORA-2010-5507", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038420.html"}, {"name": "SUSE-SR:2010:009", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html"}, {"name": "http://secunia.com/secunia_research/2010-26/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2010-26/"}, {"name": "FEDORA-2010-5805", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038925.html"}, {"name": "38918", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38918"}, {"name": "ADV-2010-0844", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0844"}, {"name": "ADV-2010-0743", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0743"}]}}}}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2010-0132", "datePublished": "2010-03-31T17:35:00", "dateReserved": "2010-01-04T00:00:00", "dateUpdated": "2018-10-10T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:viewvc:viewvc:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "59DBEDF6-248F-4850-B50C-61835DB89374", "vulnerable": true}, {"criteria": "cpe:2.3:a:viewvc:viewvc:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "007977CF-1BF9-4713-AFDF-50DEE2530AD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:viewvc:viewvc:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "793F6DB3-A6C2-4813-BD2D-AF34D85F6CCA", "vulnerable": true}, {"criteria": "cpe:2.3:a:viewvc:viewvc:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "1B6F2BC5-D099-427C-9513-75551ABF1997", "vulnerable": true}, {"criteria": "cpe:2.3:a:viewvc:viewvc:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4748AA05-D2ED-4365-83AE-74CD33592B5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:viewvc:viewvc:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "91ADB624-1826-405C-BB1E-3D286ED03D5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:viewvc:viewvc:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A4AE31C7-1929-48A4-8A3A-860A110E4820", "vulnerable": true}, {"criteria": "cpe:2.3:a:viewvc:viewvc:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F71721BF-9010-4595-96F8-CF499B0FFE6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:viewvc:viewvc:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "96AD0DD2-206B-4231-B09E-9B83F6E0239E", "vulnerable": true}, {"criteria": "cpe:2.3:a:viewvc:viewvc:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2A7F4AAD-EB09-47F1-A7B7-5436E766A0C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:viewvc:viewvc:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "E0D457A6-C530-42AC-9BCF-640A89D9BF5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:viewvc:viewvc:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "8ECD4F7E-011C-4E92-9D8E-AC378B204C05", "vulnerable": true}, {"criteria": "cpe:2.3:a:viewvc:viewvc:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4FE78493-E4EB-4555-BA56-A29AFE680B56", "vulnerable": true}, {"criteria": "cpe:2.3:a:viewvc:viewvc:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C076220E-CFB1-44B0-9884-840F4C5B4F9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:viewvc:viewvc:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "77350E39-A3A7-463E-BF70-D1BD99F7C23E", "vulnerable": true}, {"criteria": "cpe:2.3:a:viewvc:viewvc:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "AB57E24E-00A7-4099-8135-64B0E165FEBF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to \"search_re input,\" a different vulnerability than CVE-2010-0736."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en ViewVC 1.1 en versiones anteriores a la 1.1.5 y 1.0 en versiones anteriores a la 1.0.11, cuando la funcionalidad de b\u00fasqueda con expresiones regulares est\u00e1 habilitada, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante vectores relacionados con \"search_re input,\" una vulnerabilidad diferente a CVE-2010-0736."}], "id": "CVE-2010-0132", "lastModified": "2018-10-10T19:51:11.603", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-03-31T18:00:00.327", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038420.html"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038456.html"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038925.html"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38918"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2010-26/"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2342&r2=2359&pathrev=HEAD"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/archive/1/510408/100/0/threaded"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0743"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.vupen.com/english/advisories/2010/0844"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}