CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 1CVE-2021-31330
https://notcve.org/view.php?id=CVE-2021-31330
11 May 2022 — A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent. Se presenta una vulnerabilidad de tipo cross-Site Scripting (XSS) en las versiones de Review Board 3.0.20 y 4.0 RC1 y anteriores. Un atacante autenticado puede inyectar código Javascript malicioso cuando es usada la edición de Markdown dentro de la aplicación, ... • https://mattschmidt.net/2021/04/14/review-board-xss-discovered • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-4796
https://notcve.org/view.php?id=CVE-2013-4796
27 Dec 2019 — ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request ReviewBoard versión 1.6.17, permite una ejecución de código adjuntando scripts PHP en una petición de revisión • http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2013-4411
https://notcve.org/view.php?id=CVE-2013-4411
03 Dec 2019 — Review Board: URL processing gives unauthorized users access to review lists Review Board: el procesamiento de URL otorga acceso a usuarios no autorizados en listas de revisión. • http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2013-4410
https://notcve.org/view.php?id=CVE-2013-4410
02 Dec 2019 — ReviewBoard: has an access-control problem in REST API ReviewBoard: presenta un problema de control de acceso en la API REST. • http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2013-4409
https://notcve.org/view.php?id=CVE-2013-4409
04 Nov 2019 — An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. Existe una vulnerabilidad de la función eval() en Python Software Foundation Djblets versión 0.7.21 y Beanbag Review Board versiones anteriores a la versión 1.7.15, cuando se analizan peticiones JSON. • http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-5028
https://notcve.org/view.php?id=CVE-2014-5028
29 Mar 2018 — The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids. Los recursos Original File y Patched File en Review Board, en versiones 1.7.x anteriores a la 1.7.27 y versiones 2.0.x anteriores a la 2.0.4, permiten que usuarios autenticados remotos omitan las restricciones de acceso planeadas y obtengan... • http://www.openwall.com/lists/oss-security/2014/07/22/12 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 38EXPL: 0CVE-2014-5027 – Debian Security Advisory 3007-1
https://notcve.org/view.php?id=CVE-2014-5027
25 Jul 2014 — Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page. Vulnerabilidad de XSS en Review Board 1.7.x anterior a 1.7.27 y 2.0.x anterior a 2.0.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un parámetro de consulta en una página de fragmento diferente. Multiple security issues (cross-site scripting, missing i... • http://seclists.org/oss-sec/2014/q3/207 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2014-3994
https://notcve.org/view.php?id=CVE-2014-3994
16 Jun 2014 — Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name. Vulnerabilidad de XSS en util/templatetags/djblets_js.py en Djblets anterior a 0.7.30 y 0.8.x anterior a 0.8.3 para Django, utilizado en Review Board, permite a atacantes remotos inyectar secuencias de comand... • http://seclists.org/oss-sec/2014/q2/494 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 1CVE-2014-3995
https://notcve.org/view.php?id=CVE-2014-3995
16 Jun 2014 — Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name. Vulnerabilidad de XSS en gravatars/templatetags/gravatars.py en Djblets anterior a 0.7.30 y 0.8.x anterior a 0.8.3 para Django permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de pantalla de usuario. • http://seclists.org/oss-sec/2014/q2/494 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 29EXPL: 0CVE-2013-4795
https://notcve.org/view.php?id=CVE-2013-4795
11 Apr 2014 — Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name. Vulnerabilidad de XSS en la lista Submitters en Review Board 1.6.x anterior a 1.6.18 y 1.7.x anterior a 1.7.12 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de un nombre completo de usuario. • http://osvdb.org/show/osvdb/96170 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •