Reviewboard: Security Vulnerabilities
A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious JavaScript code when using Markdown editing within the application, and the injected code remains persistent.
CVSS Score: 5.4, EPSS Score: 0.006, Published: 2022-05-11
ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to a review request.
CVSS Score: 8.8, EPSS Score: 0.006, Published: 2019-12-27
Review Board: URL processing gives unauthorized users access to review lists
CVSS Score: 4.3, EPSS Score: 0.005, Published: 2019-12-03
ReviewBoard has an access-control problem in the REST API.
CVSS Score: 7.5, EPSS Score: 0.01, Published: 2019-12-02
An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.
CVSS Score: 9.8, EPSS Score: 0.012, Published: 2019-11-04
The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids.
CVSS Score: 6.5, EPSS Score: 0.005, Published: 2018-03-29
Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.
CVSS Score: 4.3, EPSS Score: 0.005, Published: 2014-07-25
Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name.
CVSS Score: 4.3, EPSS Score: 0.006, Published: 2014-06-16
Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name.
CVSS Score: 4.3, EPSS Score: 0.004, Published: 2014-06-16
Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name.
CVSS Score: 4.3, EPSS Score: 0.005, Published: 2014-04-11