| Summary: | <dev-util/reviewboard-1.7.28: Multiple Vulnerabilities (CVE-2014-{3994,5027,5028}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Yury German <blueknight> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | | |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.26/ | | |
| Whiteboard: | ~3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Yury German
2014-07-27 03:14:57 UTC
CVE-2014-5027 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5027):
Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.

CVE-2014-3994 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3994):
Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name.

Please upgrade in bug 522472 to Version 1.7.27 or above.

Maintainer(s), Thank you for your work.

No GLSA needed as there are no stable versions.
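
The pattern behind CVE-2014-3994, a JSON object serialized into an inline script block, shown as an added example that is not part of this bug report and is not Djblets' code. The function names, the template string and the sample profile are constructed for illustration, and the escaping shown is one common mitigation, assumed here rather than taken from the upstream fix.

```python
import json

# JSON only permits these characters inside string literals, so replacing
# them with \uXXXX escapes keeps the document valid and equal once parsed.
_SCRIPT_UNSAFE = {"<": "\\u003C", ">": "\\u003E", "&": "\\u0026"}


def encode_unsafe(value):
    """Vulnerable pattern: raw JSON placed inside <script>."""
    return json.dumps(value)


def encode_safe(value):
    """Hardened pattern: neutralise HTML-significant characters."""
    text = json.dumps(value)
    for char, escape in _SCRIPT_UNSAFE.items():
        text = text.replace(char, escape)
    return text


def render_inline(value, encoder):
    """Hypothetical template output embedding a JSON object in a page."""
    return "<script>var user = %s;</script>" % encoder(value)


def script_closers(html):
    """Count </script occurrences; more than one means early termination."""
    return html.lower().count("</script")


# Constructed sample: a user-controlled name field carrying markup.
PROFILE = {"name": "</script><b>injected</b>"}

if __name__ == "__main__":
    for encoder in (encode_unsafe, encode_safe):
        page = render_inline(PROFILE, encoder)
        print(encoder.__name__, script_closers(page), page)
```

The HTML parser ends a script element at the first `</script` it sees, regardless of JavaScript string quoting, which is why the unescaped output lets the name field terminate the block while the escaped output still parses back to the same object.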