3 results (0.010 seconds)

CVSS: 9.8  EPSS: 1%  CPEs: 6  EXPL: 0

An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.
• http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html http://www.securityfocus.com/bid/63029 https://access.redhat.com/security/cve/cve-2013-4409 https:/& • CWE-20: Improper Input Validation •

CVSS: 4.3  EPSS: 0%  CPEs: 5  EXPL: 1

Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name.
• http://seclists.org/oss-sec/2014/q2/494 http://seclists.org/oss-sec/2014/q2/498 http://secunia.com/advisories/58691 https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd https://github.com/djblets/djblets/commit/77ac64642ad530bf69e390c51fc6fdcb8914c8e7 https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3  EPSS: 0%  CPEs: 6  EXPL: 1

Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name.
• http://seclists.org/oss-sec/2014/q2/494 http://seclists.org/oss-sec/2014/q2/498 http://secunia.com/advisories/58691 http://www.securityfocus.com/bid/67932 https://code.google.com/p/reviewboard/issues/detail?id=3406 https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd https://github.com/djblets/djblets/commit/77a68c03cd619a0996f3f37337b8c39ca6643d6e https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •