VDB
GCVE-110-MAGEIA-2014-462
GCVE-110-MAGEIA-2014-462
Advisory Published
Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py
in Djblets before 0.7.30 for Django, as used in Review Board, allows remote
attackers to inject arbitrary web script or HTML via a JSON object, as
demonstrated by the name field when changing a user name (CVE-2014-3994).
Cross-site scripting (XSS) vulnerability in
gravatars/templatetags/gravatars.py in Djblets before 0.7.30 Django allows
remote attackers to inject arbitrary web script or HTML via a user display
name (CVE-2014-3995).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | python-djblets | 0 (affected), 0.7.30-1.1.mga4 (unaffected) | — |
Aliases
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.