Vulnerability Database

308,819

Total vulnerabilities in the database

CVE-2014-3995

Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name.

Published: Jun 16, 2014
Updated: Nov 9, 2025
CVE: CVE-2014-3995
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
reviewboard / djblets	0.7.27	0.7.27.x
reviewboard / djblets	0.7.28	0.7.28.x
reviewboard / djblets	-	0.7.29.x
reviewboard / djblets	0.8.2	0.8.2.x
reviewboard / djblets	0.8.1	0.8.1.x

http://seclists.org/oss-sec/2014/q2/494
http://seclists.org/oss-sec/2014/q2/498
http://secunia.com/advisories/58691
https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd
https://github.com/djblets/djblets/commit/77ac64642ad530bf69e390c51fc6fdcb8914c8e7
https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo