Websvn

websvn

Vendor: Websvn • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2011-2195 1Websvn 1Websvn Nov 21, 2024 Oct 26, 2021 N/A· v4 9.8 CRITICAL· v3 9.3 HIGH· v2 A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument to execute arbitrary...Show more A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument to execute arbitrary commands against the underlying operating system.Show less
CVE-2021-32305 1Websvn 1Websvn Nov 21, 2024 May 18, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.
CVE-2016-1236 2Debian Websvn 2Debian Linux Websvn May 6, 2026 May 11, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a...Show more Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in a repository.Show less
CVE-2016-2511 2Debian Websvn 2Debian Linux Websvn May 6, 2026 Apr 7, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php.
CVE-2013-6892 2Debian Websvn 2Debian Linux Websvn May 6, 2026 Jan 21, 2015 N/A· v4 N/A· v3 3.5 LOW· v2 WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit.
CVE-2011-5221 1Websvn 1Websvn Apr 29, 2026 Oct 25, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the getLog function in svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to (1) comp.php, (2) diff.php, o...Show more Cross-site scripting (XSS) vulnerability in the getLog function in svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to (1) comp.php, (2) diff.php, or (3) revision.php.Show less
CVE-2007-3056 1Websvn 1Websvn Apr 23, 2026 Jun 6, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter.