Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets prior to 0.7.30 and 0.8.x prior to 0.8.3 for Django, as used in Review Board, allows remote malicious users to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name.

Vulnerable Product |
---|
reviewboard djblets 0.8.2 |
reviewboard djblets 0.8.1 |
reviewboard djblets |
reviewboard djblets 0.7.28 |
reviewboard reviewboard - |
reviewboard djblets 0.7.27 |