reviewboard CVE 脆弱性と CVE 一覧(13)

製品(CPE): — CVE 件数: 13

reviewboard 脆弱性概要

reviewboard 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

一般的な弱点パターンには vendor risk cross-site scripting、パス処理の欠陥, and vendor risk input validation があり、vendor surface production workloads and vendor surface software deployment の利用場面で vendor impact session compromise、vendor impact unexpected behavior, and ファイル上書き などのリスクが生じる可能性があります。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 113 / 13 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2021-31330 A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent. [email protected] 5.4 0.77% 2022-05-11 2026-06-16
CVE-2013-4796 ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request [email protected] 8.8 1.91% 2019-12-27 2026-06-16
CVE-2013-4411 Review Board: URL processing gives unauthorized users access to review lists [email protected] 4.3 1.35% 2019-12-03 2026-06-16
CVE-2013-4410 ReviewBoard: has an access-control problem in REST API [email protected] 7.5 2.42% 2019-12-02 2026-06-16
CVE-2013-4409 An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. [email protected] 9.8 3.04% 2019-11-04 2026-06-16
CVE-2014-5028 The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids. [email protected] 6.5 1.73% 2018-03-29 2026-06-16
CVE-2014-5027 Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page. [email protected] 4.3 1.32% 2014-07-25 2026-06-16
CVE-2014-3995 Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name. [email protected] 4.3 2.08% 2014-06-16 2026-06-16
CVE-2014-3994 Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name. [email protected] 4.3 2.39% 2014-06-16 2026-06-16
CVE-2013-4795 Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name. [email protected] 4.3 1.38% 2014-04-11 2026-06-16
CVE-2013-4519 Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file. [email protected] 4.3 2.02% 2013-11-18 2026-06-16
CVE-2013-2209 Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name. [email protected] 4.3 2.16% 2013-07-31 2026-06-16
CVE-2011-4312 Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component. [email protected] 4.3 2.34% 2011-11-23 2026-06-16
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence