VYPR
Moderate severity · NVD Advisory · Published Jun 16, 2014 · Updated Jun 17, 2026

CVE-2014-3995

Description

Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package          Affected versions   Patched versions
Djblets (PyPI)   < 0.7.30            0.7.30
Djblets (PyPI)   >= 0.8, < 0.8.3     0.8.3

Affected products

6
  • cpe:2.3:a:reviewboard:djblets:*:*:*:*:*:*:*:* (+ 4 more)
    • cpe:2.3:a:reviewboard:djblets:*:*:*:*:*:*:*:* (range: <=0.7.29)
    • cpe:2.3:a:reviewboard:djblets:0.7.27:*:*:*:*:*:*:*
    • cpe:2.3:a:reviewboard:djblets:0.7.28:*:*:*:*:*:*:*
    • cpe:2.3:a:reviewboard:djblets:0.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:reviewboard:djblets:0.8.2:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 0.7.30

References

11
