CVE-2014-3995

2014-06-1618:55:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-3995

cross-site scripting

xss vulnerability

gravatars

templatetags

djblets

django

web script

html

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.8%

JSON

Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name.

Affected configurations

NVD

Node

reviewboarddjbletsRange≤0.7.29

reviewboarddjbletsMatch0.7.27

reviewboarddjbletsMatch0.7.28

reviewboarddjbletsMatch0.8.1

reviewboarddjbletsMatch0.8.2

CPENameOperatorVersion
reviewboard:djbletsreviewboard djbletsle0.7.29
reviewboard:djbletsreviewboard djbletseq0.7.27
reviewboard:djbletsreviewboard djbletseq0.7.28
reviewboard:djbletsreviewboard djbletseq0.8.1
reviewboard:djbletsreviewboard djbletseq0.8.2

CPE	Name	Operator	Version
reviewboard:djblets	reviewboard djblets	le	0.7.29
reviewboard:djblets	reviewboard djblets	eq	0.7.27
reviewboard:djblets	reviewboard djblets	eq	0.7.28
reviewboard:djblets	reviewboard djblets	eq	0.8.1
reviewboard:djblets	reviewboard djblets	eq	0.8.2