CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-5028
https://notcve.org/view.php?id=CVE-2014-5028
The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids. Los recursos Original File y Patched File en Review Board, en versiones 1.7.x anteriores a la 1.7.27 y versiones 2.0.x anteriores a la 2.0.4, permiten que usuarios autenticados remotos omitan las restricciones de acceso planeadas y obtengan información sensible de archivos de repositorios aprovechando el conocimiento de las ID de la base de datos. • http://www.openwall.com/lists/oss-security/2014/07/22/12 https://bugzilla.redhat.com/show_bug.cgi?id=1123692 https://exchange.xforce.ibmcloud.com/vulnerabilities/94813 https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27 https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4 https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 38EXPL: 0CVE-2014-5027
https://notcve.org/view.php?id=CVE-2014-5027
Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page. Vulnerabilidad de XSS en Review Board 1.7.x anterior a 1.7.27 y 2.0.x anterior a 2.0.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un parámetro de consulta en una página de fragmento diferente. • http://seclists.org/oss-sec/2014/q3/207 http://seclists.org/oss-sec/2014/q3/219 http://secunia.com/advisories/60243 http://www.securityfocus.com/bid/68858 https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27 https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4 https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 1CVE-2014-3995
https://notcve.org/view.php?id=CVE-2014-3995
Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name. Vulnerabilidad de XSS en gravatars/templatetags/gravatars.py en Djblets anterior a 0.7.30 y 0.8.x anterior a 0.8.3 para Django permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de pantalla de usuario. • http://seclists.org/oss-sec/2014/q2/494 http://seclists.org/oss-sec/2014/q2/498 http://secunia.com/advisories/58691 https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd https://github.com/djblets/djblets/commit/77ac64642ad530bf69e390c51fc6fdcb8914c8e7 https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2014-3994
https://notcve.org/view.php?id=CVE-2014-3994
Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name. Vulnerabilidad de XSS en util/templatetags/djblets_js.py en Djblets anterior a 0.7.30 y 0.8.x anterior a 0.8.3 para Django, utilizado en Review Board, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un objeto JSON, tal y como fue demostrado por el campo de nombre cuando se cambia un nombre de usuario. • http://seclists.org/oss-sec/2014/q2/494 http://seclists.org/oss-sec/2014/q2/498 http://secunia.com/advisories/58691 http://www.securityfocus.com/bid/67932 https://code.google.com/p/reviewboard/issues/detail?id=3406 https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd https://github.com/djblets/djblets/commit/77a68c03cd619a0996f3f37337b8c39ca6643d6e https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0CVE-2013-4795
https://notcve.org/view.php?id=CVE-2013-4795
Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name. Vulnerabilidad de XSS en la lista Submitters en Review Board 1.6.x anterior a 1.6.18 y 1.7.x anterior a 1.7.12 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de un nombre completo de usuario. • http://osvdb.org/show/osvdb/96170 http://seclists.org/bugtraq/2013/Aug/69 http://secunia.com/advisories/54272 http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18 http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12 http://www.securityfocus.com/bid/61750 http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard https://exchange.xforce.ibmcloud.com/vulnerabilities/86410 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •