13 results (0.005 seconds)

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 1

A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent. Se presenta una vulnerabilidad de tipo cross-Site Scripting (XSS) en las versiones de Review Board 3.0.20 y 4.0 RC1 y anteriores. Un atacante autenticado puede inyectar código Javascript malicioso cuando es usada la edición de Markdown dentro de la aplicación, que permanece persistente • https://mattschmidt.net/2021/04/14/review-board-xss-discovered https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21 https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2 https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request ReviewBoard versión 1.6.17, permite una ejecución de código adjuntando scripts PHP en una petición de revisión • http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard https://exchange.xforce.ibmcloud.com/vulnerabilities/86411 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

Review Board: URL processing gives unauthorized users access to review lists Review Board: el procesamiento de URL otorga acceso a usuarios no autorizados en listas de revisión. • http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html http://www.securityfocus.com/bid/63023 https://access.redhat.com/security/cve/cve-2013-4411 https:/& • CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0

ReviewBoard: has an access-control problem in REST API ReviewBoard: presenta un problema de control de acceso en la API REST. • http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html http://www.securityfocus.com/bid/63022 https://access.redhat.com/security/cve/cve-2013-4410 https:/& • CWE-863: Incorrect Authorization •

CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0

An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. Existe una vulnerabilidad de la función eval() en Python Software Foundation Djblets versión 0.7.21 y Beanbag Review Board versiones anteriores a la versión 1.7.15, cuando se analizan peticiones JSON. • http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html http://www.securityfocus.com/bid/63029 https://access.redhat.com/security/cve/cve-2013-4409 https:/& • CWE-20: Improper Input Validation •