Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
26 vulnerabilities by reviewboard
CVE-2021-31330 (GCVE-0-2021-31330)
Vulnerability from cvelistv5 – Published: 2022-05-11 17:34 – Updated: 2024-08-03 22:55
VLAI
Summary
A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://mattschmidt.net/2021/04/14/review-board-x… | x_refsource_MISC |
| https://www.reviewboard.org/news/2021/04/14/revie… | x_refsource_MISC |
| https://www.reviewboard.org/docs/releasenotes/rev… | x_refsource_MISC |
| https://www.reviewboard.org/docs/releasenotes/rev… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mattschmidt.net/2021/04/14/review-board-xss-discovered/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T17:34:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mattschmidt.net/2021/04/14/review-board-xss-discovered/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mattschmidt.net/2021/04/14/review-board-xss-discovered/",
"refsource": "MISC",
"url": "https://mattschmidt.net/2021/04/14/review-board-xss-discovered/"
},
{
"name": "https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/",
"refsource": "MISC",
"url": "https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/"
},
{
"name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/",
"refsource": "MISC",
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/"
},
{
"name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/",
"refsource": "MISC",
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31330",
"datePublished": "2022-05-11T17:34:27.000Z",
"dateReserved": "2021-04-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:55:53.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4796 (GCVE-0-2013-4796)
Vulnerability from cvelistv5 – Published: 2019-12-27 16:24 – Updated: 2024-08-06 16:52
VLAI
Summary
ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.tripwire.com/state-of-security/vulnera… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86411"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-27T16:24:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86411"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4796",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard/",
"refsource": "MISC",
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard/"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86411",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86411"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4796",
"datePublished": "2019-12-27T16:24:53.000Z",
"dateReserved": "2013-07-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:52:27.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4411 (GCVE-0-2013-4411)
Vulnerability from cvelistv5 – Published: 2019-12-03 14:39 – Updated: 2024-08-06 16:45
VLAI
Summary
Review Board: URL processing gives unauthorized users access to review lists
Severity
No CVSS data available.
CWE
- URL processing allows unauthorized users to view review lists
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2013-4411 | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://www.securityfocus.com/bid/63023 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Review Board | Review Board |
Affected:
through 2013-10-08
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4411"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4411"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4411"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63023"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88061"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Review Board",
"vendor": "Review Board",
"versions": [
{
"status": "affected",
"version": "through 2013-10-08"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Review Board: URL processing gives unauthorized users access to review lists"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "URL processing allows unauthorized users to view review lists",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-03T14:39:53.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4411"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4411"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4411"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/63023"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88061"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4411",
"datePublished": "2019-12-03T14:39:53.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:45:14.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4410 (GCVE-0-2013-4410)
Vulnerability from cvelistv5 – Published: 2019-12-02 17:36 – Updated: 2024-08-06 16:45
VLAI
Summary
ReviewBoard: has an access-control problem in REST API
Severity
No CVSS data available.
CWE
- access-control problems with REST API
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2013-4410 | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://www.securityfocus.com/bid/63022 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ReviewBoard | ReviewBoard |
Affected:
Fixed in 1.6.19 and 1.7.15
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63022"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88060"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ReviewBoard",
"vendor": "ReviewBoard",
"versions": [
{
"status": "affected",
"version": "Fixed in 1.6.19 and 1.7.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ReviewBoard: has an access-control problem in REST API"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "access-control problems with REST API",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-02T17:36:52.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/63022"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88060"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4410",
"datePublished": "2019-12-02T17:36:52.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:45:14.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4409 (GCVE-0-2013-4409)
Vulnerability from cvelistv5 – Published: 2019-11-04 20:45 – Updated: 2024-08-06 16:45
VLAI
Summary
An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.
Severity
No CVSS data available.
CWE
- eval() vulnerability
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2013-4409 | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://www.securityfocus.com/bid/63029 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Python Software Foundation; Beanbag | Djblets |
Affected:
0.7.21
|
|
| Python Software Foundation; Beanbag | Review Board |
Affected:
before 1.7.15
|
Date Public
2013-10-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.736Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4409"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4409"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63029"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Djblets",
"vendor": "Python Software Foundation; Beanbag",
"versions": [
{
"status": "affected",
"version": "0.7.21"
}
]
},
{
"product": "Review Board",
"vendor": "Python Software Foundation; Beanbag",
"versions": [
{
"status": "affected",
"version": "before 1.7.15"
}
]
}
],
"datePublic": "2013-10-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "eval() vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T20:45:44.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4409"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4409"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/63029"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88059"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4409",
"datePublished": "2019-11-04T20:45:44.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:45:14.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5028 (GCVE-0-2014-5028)
Vulnerability from cvelistv5 – Published: 2018-03-29 18:00 – Updated: 2024-08-06 11:34
VLAI
Summary
The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.reviewboard.org/docs/releasenotes/rev… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2014/0… | mailing-listx_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=1123692 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.reviewboard.org/news/2014/07/22/revie… | x_refsource_CONFIRM |
| https://www.reviewboard.org/docs/releasenotes/rev… | x_refsource_CONFIRM |
Date Public
2014-07-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
},
{
"name": "[oss-security] 20140722 Re: CVE requests for Review Board",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/22/12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692"
},
{
"name": "reviewboard-cve20145028-sec-bypass(94813)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94813"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-29T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
},
{
"name": "[oss-security] 20140722 Re: CVE requests for Review Board",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/22/12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692"
},
{
"name": "reviewboard-cve20145028-sec-bypass(94813)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94813"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4",
"refsource": "CONFIRM",
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
},
{
"name": "[oss-security] 20140722 Re: CVE requests for Review Board",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/22/12"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692"
},
{
"name": "reviewboard-cve20145028-sec-bypass(94813)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94813"
},
{
"name": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases",
"refsource": "CONFIRM",
"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
},
{
"name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27",
"refsource": "CONFIRM",
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5028",
"datePublished": "2018-03-29T18:00:00.000Z",
"dateReserved": "2014-07-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5027 (GCVE-0-2014-5027)
Vulnerability from cvelistv5 – Published: 2014-07-25 19:00 – Updated: 2024-08-06 11:34
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://seclists.org/oss-sec/2014/q3/207 | mailing-listx_refsource_MLIST |
| https://www.reviewboard.org/docs/releasenotes/rev… | x_refsource_CONFIRM |
| http://secunia.com/advisories/60243 | third-party-advisoryx_refsource_SECUNIA |
| https://www.reviewboard.org/news/2014/07/22/revie… | x_refsource_CONFIRM |
| http://seclists.org/oss-sec/2014/q3/219 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/68858 | vdb-entryx_refsource_BID |
| https://www.reviewboard.org/docs/releasenotes/rev… | x_refsource_CONFIRM |
Date Public
2014-07-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140721 CVE requests for Review Board",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/207"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
},
{
"name": "60243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60243"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
},
{
"name": "[oss-security] 20140722 Re: CVE requests for Review Board",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/219"
},
{
"name": "68858",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68858"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-20T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140721 CVE requests for Review Board",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/207"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
},
{
"name": "60243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60243"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
},
{
"name": "[oss-security] 20140722 Re: CVE requests for Review Board",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/219"
},
{
"name": "68858",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68858"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140721 CVE requests for Review Board",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/207"
},
{
"name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4",
"refsource": "CONFIRM",
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
},
{
"name": "60243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60243"
},
{
"name": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases",
"refsource": "CONFIRM",
"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
},
{
"name": "[oss-security] 20140722 Re: CVE requests for Review Board",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/219"
},
{
"name": "68858",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68858"
},
{
"name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27",
"refsource": "CONFIRM",
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5027",
"datePublished": "2014-07-25T19:00:00.000Z",
"dateReserved": "2014-07-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3995 (GCVE-0-2014-3995)
Vulnerability from cvelistv5 – Published: 2014-06-16 18:00 – Updated: 2024-08-06 11:04
VLAI
Summary
Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://seclists.org/oss-sec/2014/q2/494 | mailing-listx_refsource_MLIST |
| http://seclists.org/oss-sec/2014/q2/498 | mailing-listx_refsource_MLIST |
| https://github.com/djblets/djblets/commit/77ac646… | x_refsource_CONFIRM |
| http://secunia.com/advisories/58691 | third-party-advisoryx_refsource_SECUNIA |
| https://github.com/djblets/djblets/commit/e2c7911… | x_refsource_CONFIRM |
| https://github.com/djblets/djblets/commit/50000d0… | x_refsource_CONFIRM |
Date Public
2014-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:04:26.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140606 Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/494"
},
{
"name": "[oss-security] 20140606 Re: Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/498"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/djblets/djblets/commit/77ac64642ad530bf69e390c51fc6fdcb8914c8e7"
},
{
"name": "58691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58691"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-16T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140606 Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/494"
},
{
"name": "[oss-security] 20140606 Re: Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/498"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/djblets/djblets/commit/77ac64642ad530bf69e390c51fc6fdcb8914c8e7"
},
{
"name": "58691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58691"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140606 Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/494"
},
{
"name": "[oss-security] 20140606 Re: Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/498"
},
{
"name": "https://github.com/djblets/djblets/commit/77ac64642ad530bf69e390c51fc6fdcb8914c8e7",
"refsource": "CONFIRM",
"url": "https://github.com/djblets/djblets/commit/77ac64642ad530bf69e390c51fc6fdcb8914c8e7"
},
{
"name": "58691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58691"
},
{
"name": "https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf",
"refsource": "CONFIRM",
"url": "https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf"
},
{
"name": "https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd",
"refsource": "CONFIRM",
"url": "https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3995",
"datePublished": "2014-06-16T18:00:00.000Z",
"dateReserved": "2014-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:04:26.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3994 (GCVE-0-2014-3994)
Vulnerability from cvelistv5 – Published: 2014-06-16 18:00 – Updated: 2024-08-06 11:04
VLAI
Summary
Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://seclists.org/oss-sec/2014/q2/494 | mailing-listx_refsource_MLIST |
| http://seclists.org/oss-sec/2014/q2/498 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/67932 | vdb-entryx_refsource_BID |
| https://code.google.com/p/reviewboard/issues/deta… | x_refsource_CONFIRM |
| https://github.com/djblets/djblets/commit/77a68c0… | x_refsource_CONFIRM |
| http://secunia.com/advisories/58691 | third-party-advisoryx_refsource_SECUNIA |
| https://github.com/djblets/djblets/commit/e2c7911… | x_refsource_CONFIRM |
| https://github.com/djblets/djblets/commit/50000d0… | x_refsource_CONFIRM |
Date Public
2014-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:04:26.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140606 Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/494"
},
{
"name": "[oss-security] 20140606 Re: Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/498"
},
{
"name": "67932",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67932"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code.google.com/p/reviewboard/issues/detail?id=3406"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/djblets/djblets/commit/77a68c03cd619a0996f3f37337b8c39ca6643d6e"
},
{
"name": "58691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58691"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-21T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140606 Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/494"
},
{
"name": "[oss-security] 20140606 Re: Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/498"
},
{
"name": "67932",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67932"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code.google.com/p/reviewboard/issues/detail?id=3406"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/djblets/djblets/commit/77a68c03cd619a0996f3f37337b8c39ca6643d6e"
},
{
"name": "58691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58691"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140606 Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/494"
},
{
"name": "[oss-security] 20140606 Re: Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/498"
},
{
"name": "67932",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67932"
},
{
"name": "https://code.google.com/p/reviewboard/issues/detail?id=3406",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/reviewboard/issues/detail?id=3406"
},
{
"name": "https://github.com/djblets/djblets/commit/77a68c03cd619a0996f3f37337b8c39ca6643d6e",
"refsource": "CONFIRM",
"url": "https://github.com/djblets/djblets/commit/77a68c03cd619a0996f3f37337b8c39ca6643d6e"
},
{
"name": "58691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58691"
},
{
"name": "https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf",
"refsource": "CONFIRM",
"url": "https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf"
},
{
"name": "https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd",
"refsource": "CONFIRM",
"url": "https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3994",
"datePublished": "2014-06-16T18:00:00.000Z",
"dateReserved": "2014-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:04:26.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4795 (GCVE-0-2013-4795)
Vulnerability from cvelistv5 – Published: 2014-04-11 14:00 – Updated: 2024-08-06 16:52
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://osvdb.org/show/osvdb/96170 | vdb-entryx_refsource_OSVDB |
| http://www.tripwire.com/state-of-security/vulnera… | x_refsource_MISC |
| http://secunia.com/advisories/54272 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/61750 | vdb-entryx_refsource_BID |
| http://www.reviewboard.org/docs/releasenotes/revi… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.reviewboard.org/docs/releasenotes/revi… | x_refsource_CONFIRM |
| http://seclists.org/bugtraq/2013/Aug/69 | mailing-listx_refsource_BUGTRAQ |
Date Public
2013-07-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96170",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/show/osvdb/96170"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"name": "54272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54272"
},
{
"name": "61750",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61750"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18"
},
{
"name": "reviewboard-cve20134795-xss(86410)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86410"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12"
},
{
"name": "20130808 ReviewBoard Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Aug/69"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96170",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/show/osvdb/96170"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"name": "54272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54272"
},
{
"name": "61750",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61750"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18"
},
{
"name": "reviewboard-cve20134795-xss(86410)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86410"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12"
},
{
"name": "20130808 ReviewBoard Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Aug/69"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4795",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96170",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/96170"
},
{
"name": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard",
"refsource": "MISC",
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"name": "54272",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54272"
},
{
"name": "61750",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61750"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18"
},
{
"name": "reviewboard-cve20134795-xss(86410)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86410"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12"
},
{
"name": "20130808 ReviewBoard Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Aug/69"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4795",
"datePublished": "2014-04-11T14:00:00.000Z",
"dateReserved": "2013-07-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:52:27.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4519 (GCVE-0-2013-4519)
Vulnerability from cvelistv5 – Published: 2013-11-15 20:00 – Updated: 2024-08-06 16:45
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/55623 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/63601 | vdb-entryx_refsource_BID |
| http://www.reviewboard.org/docs/releasenotes/revi… | x_refsource_CONFIRM |
| http://osvdb.org/99512 | vdb-entryx_refsource_OSVDB |
| http://www.reviewboard.org/docs/releasenotes/revi… | x_refsource_CONFIRM |
| http://osvdb.org/99513 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2013-11-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:15.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55623",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55623"
},
{
"name": "63601",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63601"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17"
},
{
"name": "99512",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/99512"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21"
},
{
"name": "99513",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/99513"
},
{
"name": "reviewboard-cve20134519-xss(88620)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88620"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "55623",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55623"
},
{
"name": "63601",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63601"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17"
},
{
"name": "99512",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/99512"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21"
},
{
"name": "99513",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/99513"
},
{
"name": "reviewboard-cve20134519-xss(88620)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88620"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55623",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55623"
},
{
"name": "63601",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63601"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17"
},
{
"name": "99512",
"refsource": "OSVDB",
"url": "http://osvdb.org/99512"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21"
},
{
"name": "99513",
"refsource": "OSVDB",
"url": "http://osvdb.org/99513"
},
{
"name": "reviewboard-cve20134519-xss(88620)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88620"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4519",
"datePublished": "2013-11-15T20:00:00.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:45:15.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2209 (GCVE-0-2013-2209)
Vulnerability from cvelistv5 – Published: 2013-07-31 10:00 – Updated: 2024-08-06 15:27
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.tripwire.com/state-of-security/vulnera… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=977423 | x_refsource_CONFIRM |
| http://www.reviewboard.org/news/2013/06/22/review… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2013/06/24/2 | mailing-listx_refsource_MLIST |
| https://github.com/reviewboard/reviewboard/commit… | x_refsource_CONFIRM |
| http://www.reviewboard.org/docs/releasenotes/revi… | x_refsource_CONFIRM |
| http://www.reviewboard.org/docs/releasenotes/revi… | x_refsource_CONFIRM |
Date Public
2013-06-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:41.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=977423"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/"
},
{
"name": "[oss-security] 20130624 Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user\u0027s full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/06/24/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-06-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-11T13:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=977423"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/"
},
{
"name": "[oss-security] 20130624 Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user\u0027s full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/06/24/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard",
"refsource": "MISC",
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=977423",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=977423"
},
{
"name": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/"
},
{
"name": "[oss-security] 20130624 Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user\u0027s full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/06/24/2"
},
{
"name": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf",
"refsource": "CONFIRM",
"url": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2209",
"datePublished": "2013-07-31T10:00:00.000Z",
"dateReserved": "2013-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:27:41.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4312 (GCVE-0-2011-4312)
Vulnerability from cvelistv5 – Published: 2011-11-24 02:00 – Updated: 2024-08-07 00:01
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.reviewboard.org/docs/releasenotes/dev/… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=754126 | x_refsource_CONFIRM |
| http://secunia.com/advisories/46840 | third-party-advisoryx_refsource_SECUNIA |
| https://github.com/reviewboard/reviewboard/commit… | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2011/11/15/9 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2011/11/15/8 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/50681 | vdb-entryx_refsource_BID |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
Date Public
2011-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:51.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=754126"
},
{
"name": "46840",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46840"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d"
},
{
"name": "FEDORA-2011-15935",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070176.html"
},
{
"name": "[oss-security] 20111115 Re: CVE Request -- ReviewBoard v1.5.7 \u0026\u0026 v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/15/9"
},
{
"name": "[oss-security] 20111115 CVE Request -- ReviewBoard v1.5.7 \u0026\u0026 v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/15/8"
},
{
"name": "50681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/50681"
},
{
"name": "FEDORA-2011-15933",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070091.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-25T09:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=754126"
},
{
"name": "46840",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46840"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d"
},
{
"name": "FEDORA-2011-15935",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070176.html"
},
{
"name": "[oss-security] 20111115 Re: CVE Request -- ReviewBoard v1.5.7 \u0026\u0026 v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/15/9"
},
{
"name": "[oss-security] 20111115 CVE Request -- ReviewBoard v1.5.7 \u0026\u0026 v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/15/8"
},
{
"name": "50681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/50681"
},
{
"name": "FEDORA-2011-15933",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070091.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4312",
"datePublished": "2011-11-24T02:00:00.000Z",
"dateReserved": "2011-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:01:51.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31330 (GCVE-0-2021-31330)
Vulnerability from nvd – Published: 2022-05-11 17:34 – Updated: 2024-08-03 22:55
VLAI
Summary
A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://mattschmidt.net/2021/04/14/review-board-x… | x_refsource_MISC |
| https://www.reviewboard.org/news/2021/04/14/revie… | x_refsource_MISC |
| https://www.reviewboard.org/docs/releasenotes/rev… | x_refsource_MISC |
| https://www.reviewboard.org/docs/releasenotes/rev… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mattschmidt.net/2021/04/14/review-board-xss-discovered/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T17:34:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mattschmidt.net/2021/04/14/review-board-xss-discovered/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mattschmidt.net/2021/04/14/review-board-xss-discovered/",
"refsource": "MISC",
"url": "https://mattschmidt.net/2021/04/14/review-board-xss-discovered/"
},
{
"name": "https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/",
"refsource": "MISC",
"url": "https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/"
},
{
"name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/",
"refsource": "MISC",
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/"
},
{
"name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/",
"refsource": "MISC",
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31330",
"datePublished": "2022-05-11T17:34:27.000Z",
"dateReserved": "2021-04-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:55:53.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4796 (GCVE-0-2013-4796)
Vulnerability from nvd – Published: 2019-12-27 16:24 – Updated: 2024-08-06 16:52
VLAI
Summary
ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.tripwire.com/state-of-security/vulnera… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86411"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-27T16:24:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86411"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4796",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard/",
"refsource": "MISC",
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard/"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86411",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86411"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4796",
"datePublished": "2019-12-27T16:24:53.000Z",
"dateReserved": "2013-07-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:52:27.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4411 (GCVE-0-2013-4411)
Vulnerability from nvd – Published: 2019-12-03 14:39 – Updated: 2024-08-06 16:45
VLAI
Summary
Review Board: URL processing gives unauthorized users access to review lists
Severity
No CVSS data available.
CWE
- URL processing allows unauthorized users to view review lists
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2013-4411 | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://www.securityfocus.com/bid/63023 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Review Board | Review Board |
Affected:
through 2013-10-08
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4411"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4411"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4411"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63023"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88061"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Review Board",
"vendor": "Review Board",
"versions": [
{
"status": "affected",
"version": "through 2013-10-08"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Review Board: URL processing gives unauthorized users access to review lists"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "URL processing allows unauthorized users to view review lists",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-03T14:39:53.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4411"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4411"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4411"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/63023"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88061"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4411",
"datePublished": "2019-12-03T14:39:53.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:45:14.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4410 (GCVE-0-2013-4410)
Vulnerability from nvd – Published: 2019-12-02 17:36 – Updated: 2024-08-06 16:45
VLAI
Summary
ReviewBoard: has an access-control problem in REST API
Severity
No CVSS data available.
CWE
- access-control problems with REST API
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2013-4410 | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://www.securityfocus.com/bid/63022 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ReviewBoard | ReviewBoard |
Affected:
Fixed in 1.6.19 and 1.7.15
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63022"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88060"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ReviewBoard",
"vendor": "ReviewBoard",
"versions": [
{
"status": "affected",
"version": "Fixed in 1.6.19 and 1.7.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ReviewBoard: has an access-control problem in REST API"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "access-control problems with REST API",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-02T17:36:52.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/63022"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88060"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4410",
"datePublished": "2019-12-02T17:36:52.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:45:14.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4409 (GCVE-0-2013-4409)
Vulnerability from nvd – Published: 2019-11-04 20:45 – Updated: 2024-08-06 16:45
VLAI
Summary
An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.
Severity
No CVSS data available.
CWE
- eval() vulnerability
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2013-4409 | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | x_refsource_MISC |
| http://www.securityfocus.com/bid/63029 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Python Software Foundation; Beanbag | Djblets |
Affected:
0.7.21
|
|
| Python Software Foundation; Beanbag | Review Board |
Affected:
before 1.7.15
|
Date Public
2013-10-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.736Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4409"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4409"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63029"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Djblets",
"vendor": "Python Software Foundation; Beanbag",
"versions": [
{
"status": "affected",
"version": "0.7.21"
}
]
},
{
"product": "Review Board",
"vendor": "Python Software Foundation; Beanbag",
"versions": [
{
"status": "affected",
"version": "before 1.7.15"
}
]
}
],
"datePublic": "2013-10-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "eval() vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T20:45:44.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4409"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4409"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/63029"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88059"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4409",
"datePublished": "2019-11-04T20:45:44.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:45:14.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5028 (GCVE-0-2014-5028)
Vulnerability from nvd – Published: 2018-03-29 18:00 – Updated: 2024-08-06 11:34
VLAI
Summary
The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.reviewboard.org/docs/releasenotes/rev… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2014/0… | mailing-listx_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=1123692 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.reviewboard.org/news/2014/07/22/revie… | x_refsource_CONFIRM |
| https://www.reviewboard.org/docs/releasenotes/rev… | x_refsource_CONFIRM |
Date Public
2014-07-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
},
{
"name": "[oss-security] 20140722 Re: CVE requests for Review Board",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/22/12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692"
},
{
"name": "reviewboard-cve20145028-sec-bypass(94813)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94813"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-29T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
},
{
"name": "[oss-security] 20140722 Re: CVE requests for Review Board",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/22/12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692"
},
{
"name": "reviewboard-cve20145028-sec-bypass(94813)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94813"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4",
"refsource": "CONFIRM",
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
},
{
"name": "[oss-security] 20140722 Re: CVE requests for Review Board",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/22/12"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692"
},
{
"name": "reviewboard-cve20145028-sec-bypass(94813)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94813"
},
{
"name": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases",
"refsource": "CONFIRM",
"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
},
{
"name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27",
"refsource": "CONFIRM",
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5028",
"datePublished": "2018-03-29T18:00:00.000Z",
"dateReserved": "2014-07-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5027 (GCVE-0-2014-5027)
Vulnerability from nvd – Published: 2014-07-25 19:00 – Updated: 2024-08-06 11:34
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://seclists.org/oss-sec/2014/q3/207 | mailing-listx_refsource_MLIST |
| https://www.reviewboard.org/docs/releasenotes/rev… | x_refsource_CONFIRM |
| http://secunia.com/advisories/60243 | third-party-advisoryx_refsource_SECUNIA |
| https://www.reviewboard.org/news/2014/07/22/revie… | x_refsource_CONFIRM |
| http://seclists.org/oss-sec/2014/q3/219 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/68858 | vdb-entryx_refsource_BID |
| https://www.reviewboard.org/docs/releasenotes/rev… | x_refsource_CONFIRM |
Date Public
2014-07-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140721 CVE requests for Review Board",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/207"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
},
{
"name": "60243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60243"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
},
{
"name": "[oss-security] 20140722 Re: CVE requests for Review Board",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/219"
},
{
"name": "68858",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68858"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-20T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140721 CVE requests for Review Board",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/207"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
},
{
"name": "60243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60243"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
},
{
"name": "[oss-security] 20140722 Re: CVE requests for Review Board",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/219"
},
{
"name": "68858",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68858"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140721 CVE requests for Review Board",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/207"
},
{
"name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4",
"refsource": "CONFIRM",
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
},
{
"name": "60243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60243"
},
{
"name": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases",
"refsource": "CONFIRM",
"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
},
{
"name": "[oss-security] 20140722 Re: CVE requests for Review Board",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/219"
},
{
"name": "68858",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68858"
},
{
"name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27",
"refsource": "CONFIRM",
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5027",
"datePublished": "2014-07-25T19:00:00.000Z",
"dateReserved": "2014-07-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3995 (GCVE-0-2014-3995)
Vulnerability from nvd – Published: 2014-06-16 18:00 – Updated: 2024-08-06 11:04
VLAI
Summary
Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://seclists.org/oss-sec/2014/q2/494 | mailing-listx_refsource_MLIST |
| http://seclists.org/oss-sec/2014/q2/498 | mailing-listx_refsource_MLIST |
| https://github.com/djblets/djblets/commit/77ac646… | x_refsource_CONFIRM |
| http://secunia.com/advisories/58691 | third-party-advisoryx_refsource_SECUNIA |
| https://github.com/djblets/djblets/commit/e2c7911… | x_refsource_CONFIRM |
| https://github.com/djblets/djblets/commit/50000d0… | x_refsource_CONFIRM |
Date Public
2014-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:04:26.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140606 Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/494"
},
{
"name": "[oss-security] 20140606 Re: Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/498"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/djblets/djblets/commit/77ac64642ad530bf69e390c51fc6fdcb8914c8e7"
},
{
"name": "58691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58691"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-16T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140606 Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/494"
},
{
"name": "[oss-security] 20140606 Re: Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/498"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/djblets/djblets/commit/77ac64642ad530bf69e390c51fc6fdcb8914c8e7"
},
{
"name": "58691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58691"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140606 Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/494"
},
{
"name": "[oss-security] 20140606 Re: Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/498"
},
{
"name": "https://github.com/djblets/djblets/commit/77ac64642ad530bf69e390c51fc6fdcb8914c8e7",
"refsource": "CONFIRM",
"url": "https://github.com/djblets/djblets/commit/77ac64642ad530bf69e390c51fc6fdcb8914c8e7"
},
{
"name": "58691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58691"
},
{
"name": "https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf",
"refsource": "CONFIRM",
"url": "https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf"
},
{
"name": "https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd",
"refsource": "CONFIRM",
"url": "https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3995",
"datePublished": "2014-06-16T18:00:00.000Z",
"dateReserved": "2014-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:04:26.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3994 (GCVE-0-2014-3994)
Vulnerability from nvd – Published: 2014-06-16 18:00 – Updated: 2024-08-06 11:04
VLAI
Summary
Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://seclists.org/oss-sec/2014/q2/494 | mailing-listx_refsource_MLIST |
| http://seclists.org/oss-sec/2014/q2/498 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/67932 | vdb-entryx_refsource_BID |
| https://code.google.com/p/reviewboard/issues/deta… | x_refsource_CONFIRM |
| https://github.com/djblets/djblets/commit/77a68c0… | x_refsource_CONFIRM |
| http://secunia.com/advisories/58691 | third-party-advisoryx_refsource_SECUNIA |
| https://github.com/djblets/djblets/commit/e2c7911… | x_refsource_CONFIRM |
| https://github.com/djblets/djblets/commit/50000d0… | x_refsource_CONFIRM |
Date Public
2014-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:04:26.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140606 Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/494"
},
{
"name": "[oss-security] 20140606 Re: Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/498"
},
{
"name": "67932",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67932"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code.google.com/p/reviewboard/issues/detail?id=3406"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/djblets/djblets/commit/77a68c03cd619a0996f3f37337b8c39ca6643d6e"
},
{
"name": "58691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58691"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-21T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140606 Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/494"
},
{
"name": "[oss-security] 20140606 Re: Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/498"
},
{
"name": "67932",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67932"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code.google.com/p/reviewboard/issues/detail?id=3406"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/djblets/djblets/commit/77a68c03cd619a0996f3f37337b8c39ca6643d6e"
},
{
"name": "58691",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58691"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140606 Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/494"
},
{
"name": "[oss-security] 20140606 Re: Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/498"
},
{
"name": "67932",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67932"
},
{
"name": "https://code.google.com/p/reviewboard/issues/detail?id=3406",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/reviewboard/issues/detail?id=3406"
},
{
"name": "https://github.com/djblets/djblets/commit/77a68c03cd619a0996f3f37337b8c39ca6643d6e",
"refsource": "CONFIRM",
"url": "https://github.com/djblets/djblets/commit/77a68c03cd619a0996f3f37337b8c39ca6643d6e"
},
{
"name": "58691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58691"
},
{
"name": "https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf",
"refsource": "CONFIRM",
"url": "https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf"
},
{
"name": "https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd",
"refsource": "CONFIRM",
"url": "https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3994",
"datePublished": "2014-06-16T18:00:00.000Z",
"dateReserved": "2014-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:04:26.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4795 (GCVE-0-2013-4795)
Vulnerability from nvd – Published: 2014-04-11 14:00 – Updated: 2024-08-06 16:52
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://osvdb.org/show/osvdb/96170 | vdb-entryx_refsource_OSVDB |
| http://www.tripwire.com/state-of-security/vulnera… | x_refsource_MISC |
| http://secunia.com/advisories/54272 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/61750 | vdb-entryx_refsource_BID |
| http://www.reviewboard.org/docs/releasenotes/revi… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.reviewboard.org/docs/releasenotes/revi… | x_refsource_CONFIRM |
| http://seclists.org/bugtraq/2013/Aug/69 | mailing-listx_refsource_BUGTRAQ |
Date Public
2013-07-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96170",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/show/osvdb/96170"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"name": "54272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54272"
},
{
"name": "61750",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61750"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18"
},
{
"name": "reviewboard-cve20134795-xss(86410)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86410"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12"
},
{
"name": "20130808 ReviewBoard Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Aug/69"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96170",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/show/osvdb/96170"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"name": "54272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54272"
},
{
"name": "61750",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61750"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18"
},
{
"name": "reviewboard-cve20134795-xss(86410)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86410"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12"
},
{
"name": "20130808 ReviewBoard Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Aug/69"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4795",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96170",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/96170"
},
{
"name": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard",
"refsource": "MISC",
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"name": "54272",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54272"
},
{
"name": "61750",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61750"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18"
},
{
"name": "reviewboard-cve20134795-xss(86410)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86410"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12"
},
{
"name": "20130808 ReviewBoard Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Aug/69"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4795",
"datePublished": "2014-04-11T14:00:00.000Z",
"dateReserved": "2013-07-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:52:27.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4519 (GCVE-0-2013-4519)
Vulnerability from nvd – Published: 2013-11-15 20:00 – Updated: 2024-08-06 16:45
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/55623 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/63601 | vdb-entryx_refsource_BID |
| http://www.reviewboard.org/docs/releasenotes/revi… | x_refsource_CONFIRM |
| http://osvdb.org/99512 | vdb-entryx_refsource_OSVDB |
| http://www.reviewboard.org/docs/releasenotes/revi… | x_refsource_CONFIRM |
| http://osvdb.org/99513 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2013-11-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:15.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55623",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55623"
},
{
"name": "63601",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63601"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17"
},
{
"name": "99512",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/99512"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21"
},
{
"name": "99513",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/99513"
},
{
"name": "reviewboard-cve20134519-xss(88620)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88620"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "55623",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55623"
},
{
"name": "63601",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63601"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17"
},
{
"name": "99512",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/99512"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21"
},
{
"name": "99513",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/99513"
},
{
"name": "reviewboard-cve20134519-xss(88620)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88620"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55623",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55623"
},
{
"name": "63601",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63601"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17"
},
{
"name": "99512",
"refsource": "OSVDB",
"url": "http://osvdb.org/99512"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21"
},
{
"name": "99513",
"refsource": "OSVDB",
"url": "http://osvdb.org/99513"
},
{
"name": "reviewboard-cve20134519-xss(88620)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88620"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4519",
"datePublished": "2013-11-15T20:00:00.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:45:15.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2209 (GCVE-0-2013-2209)
Vulnerability from nvd – Published: 2013-07-31 10:00 – Updated: 2024-08-06 15:27
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.tripwire.com/state-of-security/vulnera… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=977423 | x_refsource_CONFIRM |
| http://www.reviewboard.org/news/2013/06/22/review… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2013/06/24/2 | mailing-listx_refsource_MLIST |
| https://github.com/reviewboard/reviewboard/commit… | x_refsource_CONFIRM |
| http://www.reviewboard.org/docs/releasenotes/revi… | x_refsource_CONFIRM |
| http://www.reviewboard.org/docs/releasenotes/revi… | x_refsource_CONFIRM |
Date Public
2013-06-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:41.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=977423"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/"
},
{
"name": "[oss-security] 20130624 Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user\u0027s full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/06/24/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-06-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-11T13:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=977423"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/"
},
{
"name": "[oss-security] 20130624 Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user\u0027s full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/06/24/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard",
"refsource": "MISC",
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=977423",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=977423"
},
{
"name": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/"
},
{
"name": "[oss-security] 20130624 Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user\u0027s full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/06/24/2"
},
{
"name": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf",
"refsource": "CONFIRM",
"url": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2209",
"datePublished": "2013-07-31T10:00:00.000Z",
"dateReserved": "2013-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:27:41.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4312 (GCVE-0-2011-4312)
Vulnerability from nvd – Published: 2011-11-24 02:00 – Updated: 2024-08-07 00:01
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.reviewboard.org/docs/releasenotes/dev/… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=754126 | x_refsource_CONFIRM |
| http://secunia.com/advisories/46840 | third-party-advisoryx_refsource_SECUNIA |
| https://github.com/reviewboard/reviewboard/commit… | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2011/11/15/9 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2011/11/15/8 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/50681 | vdb-entryx_refsource_BID |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
Date Public
2011-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:51.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=754126"
},
{
"name": "46840",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46840"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d"
},
{
"name": "FEDORA-2011-15935",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070176.html"
},
{
"name": "[oss-security] 20111115 Re: CVE Request -- ReviewBoard v1.5.7 \u0026\u0026 v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/15/9"
},
{
"name": "[oss-security] 20111115 CVE Request -- ReviewBoard v1.5.7 \u0026\u0026 v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/15/8"
},
{
"name": "50681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/50681"
},
{
"name": "FEDORA-2011-15933",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070091.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-25T09:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=754126"
},
{
"name": "46840",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46840"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d"
},
{
"name": "FEDORA-2011-15935",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070176.html"
},
{
"name": "[oss-security] 20111115 Re: CVE Request -- ReviewBoard v1.5.7 \u0026\u0026 v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/15/9"
},
{
"name": "[oss-security] 20111115 CVE Request -- ReviewBoard v1.5.7 \u0026\u0026 v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/15/8"
},
{
"name": "50681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/50681"
},
{
"name": "FEDORA-2011-15933",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070091.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4312",
"datePublished": "2011-11-24T02:00:00.000Z",
"dateReserved": "2011-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:01:51.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}