Published: 24/11/2011 Updated: 14/02/2013

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board prior to 1.5.7 and 1.6.x prior to 1.6.3 allow remote malicious users to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component.

Vulnerable Product	Search on Vulmon	Subscribe to Product
reviewboard review board
reviewboard review board 1.5.5
reviewboard review board 1.5
reviewboard review board 1.0.9
reviewboard review board 1.0.8
reviewboard review board 1.0.1
reviewboard review board 1.0
reviewboard review board 1.5.4
reviewboard review board 1.5.3
reviewboard review board 1.1
reviewboard review board 1.0.7
reviewboard review board 1.0.6
reviewboard review board 1.0.5.1
reviewboard review board 1.6.2
reviewboard review board 1.5.2
reviewboard review board 1.5.1
reviewboard review board 1.6
reviewboard review board 1.0.5
reviewboard review board 1.0.4
reviewboard review board 1.6.1
reviewboard review board 1.0.3
reviewboard review board 1.0.2

CWE-79 http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d https://bugzilla.redhat.com/show_bug.cgi?id=754126 http://www.openwall.com/lists/oss-security/2011/11/15/8 http://www.openwall.com/lists/oss-security/2011/11/15/9 http://secunia.com/advisories/46840 http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070091.html http://www.securityfocus.com/bid/50681 http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070176.html https://nvd.nist.gov

CVE-2011-4312

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect