
CVSS: 3.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.

References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512191
http://secunia.com/advisories/32338
http://secunia.com/advisories/33945
http://secunia.com/advisories/34191
http://www.debian.org/security/2009/dsa-1725
http://www.gentoo.org/security/en/glsa/glsa-200903-20.xml
http://www.openwall.com/lists/oss-security/2009/01/18/2
https://exchange.xforce.ibmcloud.com/vulnerabilities/48171

CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.3 • EPSS: 1% • CPEs: 1 • EXPL: 0

Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter.

References:
http://bugs.gentoo.org/show_bug.cgi?id=180879
http://osvdb.org/36409
http://secunia.com/advisories/25532
http://securitytracker.com/id?1018601
http://websvn.tigris.org/servlets/ReadMsg?list=dev&msgNo=1328
http://www.attrition.org/pipermail/vim/2007-August/001771.html
http://www.nabble.com/CVE-2007-3056-tf4246678.html
http://www.securityfocus.com/bid/24310
https://exchange.xforce.ibmcloud.com/vulnerabilities/34726

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')