MidnightBSD

Advisories for websvn

CVE-2013-6892 LOW

WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
websvn websvn 2.3.3
debian debian_linux 7.0
CVE-2016-1236 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in a repository.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
websvn websvn *
debian debian_linux 8.0
CVE-2016-2511 MEDIUM

Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
websvn websvn *
debian debian_linux 7.0
debian debian_linux 8.0
CVE-2021-32305 HIGH

WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
websvn websvn *