2 results (0.001 seconds)

CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0

An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. Existe una vulnerabilidad de la función eval() en Python Software Foundation Djblets versión 0.7.21 y Beanbag Review Board versiones anteriores a la versión 1.7.15, cuando se analizan peticiones JSON. • http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html http://www.securityfocus.com/bid/63029 https://access.redhat.com/security/cve/cve-2013-4409 https:/& • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 40EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component. Multiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el sistema de comentarios de Review Board antes de v1.5.7 y 1.6.x antes de v1.6.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores que implican los componentes (1) diff viewer o (2) screenshot • http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070091.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070176.html http://secunia.com/advisories/46840 http://www.openwall.com/lists/oss-security/2011/11/15/8 http://www.openwall.com/lists/oss-security/2011/11/15/9 http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3 http://www.securityfocus.com/bid/50681 https://bugzilla.redhat.com/show_bug.cgi?id=754126 https:/& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •