CVE-2014-3995

Published: Jun 16, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20140606 Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)

mailing-list

x_refsource_MLIST

[oss-security] 20140606 Re: Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)

mailing-list

x_refsource_MLIST

https://github.com/djblets/djblets/commit/77ac64642ad530bf69e390c51fc6fdcb8914c8e7

x_refsource_CONFIRM

58691

third-party-advisory

x_refsource_SECUNIA

https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf

x_refsource_CONFIRM

https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-3995

Description

Affected Products

References