2 matches found
CVE-2014-3995
Cross-site scripting XSS vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name...
CVE-2014-3995
Djblets gravatars.py XSS (CVE-2014-3995) affects Djblets for Django via user display name. The vulnerable code paths are in gravatars/templatetags/gravatars.py, with flaws present in versions before 0.7.30 and in 0.8.x before 0.8.3. Exploitation allows remote attackers to inject arbitrary web scr...