Cvsweb Developer Cvsweb vulnerabilities
2 known vulnerabilities affecting cvsweb_developer/cvsweb.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2000-0670P4HIGHCVSS 7.2PoCv1.802000-07-12
CVE-2000-0670 [HIGH] CVE-2000-0670: The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository t
The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters.
nvd
CVE-2018-1000998P4MEDIUMCVSS 6.1≥ 0, < 3:3.0.0-12019-02-04
CVE-2018-1000998 [MEDIUM] CVE-2018-1000998: FreeBSD CVSweb version 2
FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. It might impact other sites on same domain. This attack appears to be exploitable via victim must load specially crafted url. This vulnerability appears to have been fixed in 3.x.
osv