CVE-2014-3995

Affected configuration(s):

cpe:/a:reviewboard:djblets:0.7.27
cpe:/a:reviewboard:djblets:0.7.28
cpe:/a:reviewboard:djblets:0.7.29
cpe:/a:reviewboard:djblets:0.8.1
cpe:/a:reviewboard:djblets:0.8.2

Date published: 2014-06-16T14:55:09.497-04:00

Date last modified: 2014-06-17T10:22:48.647-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://seclists.org/oss-sec/2014/q2/494

Summary: Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name.
