Djiblets Cross-site scripting Vulnerability via JSON Objects
Moderate severity
GitHub Reviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Sep 20, 2024
Description
Published by the National Vulnerability Database
Jun 16, 2014
Published to the GitHub Advisory Database
May 17, 2022
Reviewed
Aug 16, 2023
Last updated
Sep 20, 2024
A cross-site scripting (XSS) vulnerability in
util/templatetags/djblets_js.pyin Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name.References