NVD

Id
32061  
Name
CVE-2014-3994  
Description
Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2014-06-16  
Modified Date
2016-08-23  
Seq
2014-3994  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
168694 32061 CVE-2014-3994 [oss-security] 20140606 Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)  View
168695 32061 CVE-2014-3994 [oss-security] 20140606 Re: Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)  View
168696 32061 CVE-2014-3994 67932  View
168697 32061 CVE-2014-3994 https://code.google.com/p/reviewboard/issues/detail?id=3406  View
168698 32061 CVE-2014-3994 https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd  View
168699 32061 CVE-2014-3994 https://github.com/djblets/djblets/commit/77a68c03cd619a0996f3f37337b8c39ca6643d6e  View
168700 32061 CVE-2014-3994 https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
14071 JVNDB-2014-002946 Review Board で使用される Django 用 Djblets におけるクロスサイトスクリプティングの脆弱性 Review Board で使用される Django 用 Djblets の util/templatetags/djblets_js.py には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2014-3994 71282 CVE-2014-3994 32061 4.3 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002946.html 2014-06-06 2014-06-18 View