← Back

Usvn

usvn

7 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Usvn
usvn
4 CVEs
User Friendly Svn
user-friendly_svn
3 CVEs

CVEs (7)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-17363
1Usvn
1Usvn
Nov 21, 2024
Dec 31, 2020
N/A· v4
9.9 CRITICAL· v3
9.0 HIGH· v2
USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOT...Show more
USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069.Show less
CVE-2020-25070
1Usvn
1Usvn
Nov 21, 2024
Sep 1, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the lack of the SameSite Strict feature.
CVE-2020-25069
1Usvn
1Usvn
Nov 21, 2024
Sep 1, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute arbitrary code in the commit view.
CVE-2020-17364
1Usvn
1User Friendly Svn
Nov 21, 2024
Aug 5, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs.
CVE-2018-0695
1Usvn
1Usvn
Nov 21, 2024
Nov 15, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross-site scripting vulnerability in User-friendly SVN (USVN) Version 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-4719
1Usvn
1User Friendly Svn
May 6, 2026
Jul 3, 2014
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in the login panel (svn/login/) in User-Friendly SVN (aka USVN) before 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the username field.
CVE-2007-5945
1Usvn
1User Friendly Svn
Apr 23, 2026
Nov 14, 2007
N/A· v4
N/A· v3
5.0 MEDIUM· v2
USVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors.