CVE-2020-5283

CVSS v3 Score: 3.5 (Low)
CVSS v2 Score: 2.1 (Low)

Vulnerability Description

ViewVC before versions 1.1.28 and 1.2.1 has an XSS vulnerability in its CVS `show_subdir_lastmod` support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the `show_subdir_lastmod` feature enabled. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. This vulnerability is patched in versions 1.2.1 and 1.1.28.

CVSS: 3.5 (Low)

A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an unknown function of the file /index.php?app=main&inc=feature_schedule&op=list of the component SMS Sched...

CWE-80, 2024

CVSS: 3.2 (Low)

Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/department.php via the id, code, and name parameters.

CWE-80, 2025

CVSS: 3.1 (Low)

IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary...

CWE-80, 2024

CVSS: 4.1 (Medium)

Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/room.php via the id and rome parameters.

CWE-80, 2025

CVSS: 4.2 (Medium)

An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web application allows stored HTML Injection by authenticated remote attackers.

CWE-80, 2024

CVSS: 4.3 (Medium)

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in pluginever WP Content Pilot – Autoblogging & Affiliate Marketing Plugin allows Code Injection. This issue ...

CWE-80, 2023