Reviewboard
Products (2)
- Reviewboard: 11 CVEs (pypi)
- Djblets: 2 CVEs (pypi)
Recent CVEs (12)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-4796 | | Hig | 0.57 | 8.8 | 0.02 | | Dec 27, 2019 | ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request |
| CVE-2013-4410 | | Hig | 0.49 | 7.5 | 0.02 | | Dec 2, 2019 | ReviewBoard: has an access-control problem in REST API |
| CVE-2014-5028 | | Med | 0.42 | 6.5 | 0.02 | | Mar 29, 2018 | The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids. |
| CVE-2021-31330 | | Med | 0.35 | 5.4 | 0.01 | | May 11, 2022 | A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent. |
| CVE-2013-4411 | | Med | 0.28 | 4.3 | 0.01 | | Dec 3, 2019 | Review Board: URL processing gives unauthorized users access to review lists |
| CVE-2014-5027 | | | 0.00 | — | 0.01 | | Jul 25, 2014 | Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page. |
| CVE-2014-3995 | | | 0.00 | — | 0.02 | | Jun 16, 2014 | Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name. |
| CVE-2014-3994 | | | 0.00 | — | 0.02 | | Jun 16, 2014 | Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field… |
| CVE-2013-4795 | | | 0.00 | — | 0.01 | | Apr 11, 2014 | Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name. |
| CVE-2013-4519 | | | 0.00 | — | 0.02 | | Nov 19, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file. |
| CVE-2013-2209 | | | 0.00 | — | 0.02 | | Jul 31, 2013 | Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name. |
| CVE-2011-4312 | | | 0.00 | — | 0.02 | | Nov 24, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component. |