NotCVE - vendor:"Reviewboard" product:"Review Board" version:"1.7.13"

4 results (0.010 seconds)

CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0

CVE-2013-4409

https://notcve.org/view.php?id=CVE-2013-4409

04 Nov 2019 — An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. Existe una vulnerabilidad de la función eval() en Python Software Foundation Djblets versión 0.7.21 y Beanbag Review Board versiones anteriores a la versión 1.7.15, cuando se analizan peticiones JSON. • http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2014-5028

https://notcve.org/view.php?id=CVE-2014-5028

29 Mar 2018 — The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids. Los recursos Original File y Patched File en Review Board, en versiones 1.7.x anteriores a la 1.7.27 y versiones 2.0.x anteriores a la 2.0.4, permiten que usuarios autenticados remotos omitan las restricciones de acceso planeadas y obtengan... • http://www.openwall.com/lists/oss-security/2014/07/22/12 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 38EXPL: 0

CVE-2014-5027 – Debian Security Advisory 3007-1

https://notcve.org/view.php?id=CVE-2014-5027

25 Jul 2014 — Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page. Vulnerabilidad de XSS en Review Board 1.7.x anterior a 1.7.27 y 2.0.x anterior a 2.0.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un parámetro de consulta en una página de fragmento diferente. Multiple security issues (cross-site scripting, missing i... • http://seclists.org/oss-sec/2014/q3/207 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 43EXPL: 0

CVE-2013-4519

https://notcve.org/view.php?id=CVE-2013-4519

15 Nov 2013 — Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file. Múltiples vulnerabilidades de XSS en Review Board 1.6.x anterior a la versión 1.6.21 y 1.7.x anterior a 1.7.17 permite a atacantes remotos inyectar script web o HTML arbitrario a través del (1) campo Branch o (2) título de un archivo cargado. • http://osvdb.org/99512 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •