8 results (0.009 seconds)

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 1

A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent. Se presenta una vulnerabilidad de tipo cross-Site Scripting (XSS) en las versiones de Review Board 3.0.20 y 4.0 RC1 y anteriores. Un atacante autenticado puede inyectar código Javascript malicioso cuando es usada la edición de Markdown dentro de la aplicación, que permanece persistente • https://mattschmidt.net/2021/04/14/review-board-xss-discovered https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21 https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2 https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0

An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. Existe una vulnerabilidad de la función eval() en Python Software Foundation Djblets versión 0.7.21 y Beanbag Review Board versiones anteriores a la versión 1.7.15, cuando se analizan peticiones JSON. • http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html http://www.securityfocus.com/bid/63029 https://access.redhat.com/security/cve/cve-2013-4409 https:/& • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids. Los recursos Original File y Patched File en Review Board, en versiones 1.7.x anteriores a la 1.7.27 y versiones 2.0.x anteriores a la 2.0.4, permiten que usuarios autenticados remotos omitan las restricciones de acceso planeadas y obtengan información sensible de archivos de repositorios aprovechando el conocimiento de las ID de la base de datos. • http://www.openwall.com/lists/oss-security/2014/07/22/12 https://bugzilla.redhat.com/show_bug.cgi?id=1123692 https://exchange.xforce.ibmcloud.com/vulnerabilities/94813 https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27 https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4 https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 38EXPL: 0

Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page. Vulnerabilidad de XSS en Review Board 1.7.x anterior a 1.7.27 y 2.0.x anterior a 2.0.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un parámetro de consulta en una página de fragmento diferente. • http://seclists.org/oss-sec/2014/q3/207 http://seclists.org/oss-sec/2014/q3/219 http://secunia.com/advisories/60243 http://www.securityfocus.com/bid/68858 https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27 https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4 https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0

Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name. Vulnerabilidad de XSS en la lista Submitters en Review Board 1.6.x anterior a 1.6.18 y 1.7.x anterior a 1.7.12 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de un nombre completo de usuario. • http://osvdb.org/show/osvdb/96170 http://seclists.org/bugtraq/2013/Aug/69 http://secunia.com/advisories/54272 http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18 http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12 http://www.securityfocus.com/bid/61750 http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard https://exchange.xforce.ibmcloud.com/vulnerabilities/86410 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •