Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-w7rq-8f2g-jvqr

Опубликовано: 17 мая 2022
Источник: github
Github: Прошло ревью
CVSS4: 5.3
CVSS3: 6.1

Описание

Djiblets Cross-site scripting Vulnerability via JSON Objects

A cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name.

Ссылки

Пакеты

Наименование

Djblets

pip
Затронутые версииВерсия исправления

< 0.7.30

0.7.30

Наименование

Djblets

pip
Затронутые версииВерсия исправления

>= 0.8, < 0.8.3

0.8.3

EPSS

Процентиль: 69%
0.00588
Низкий

5.3 Medium

CVSS4

6.1 Medium

CVSS3

CVE ID

CVE-2014-3994

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2014-3994

ubuntu
больше 11 лет назад

Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name.

nvd логотип

CVE-2014-3994

nvd
больше 11 лет назад

Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name.

EPSS

Процентиль: 69%
0.00588
Низкий

5.3 Medium

CVSS4

6.1 Medium

CVSS3

CVE ID

CVE-2014-3994

Дефекты

CWE-79