Uchida

**Name of the Vulnerable Software and Affected Versions** Review Board versions 1.7.x through 1.7.26 Review Board versions 2.0.x through 2.0.3 **Description** The issue allows remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids. **Recommendations** For Review Board versions 1.7.x through 1.7.26, update to version 1.7.27 or later. For Review Board versions 2.0.x through 2.0.3, update to version 2.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** Review Board versions 1.7.x through 1.7.26 Review Board versions 2.0.x through 2.0.3 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page. **Recommendations** For Review Board versions 1.7.x through 1.7.26, update to version 1.7.27 or later. For Review Board versions 2.0.x through 2.0.3, update to version 2.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** Djblets versions 0.7.x through 0.7.29 Djblets versions 0.8.x through 0.8.2 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a JSON object. This can be demonstrated by the `name` field when changing a user name. **Recommendations** For Djblets versions 0.7.x through 0.7.29, update to version 0.7.30 or later. For Djblets versions 0.8.x through 0.8.2, update to version 0.8.3 or later.