Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for review_board by reviewboard

    CVE-2021-31330 (GCVE-0-2021-31330)

    Vulnerability from nvd – Published: 2022-05-11 17:34 – Updated: 2024-08-03 22:55
    VLAI
    Summary
    A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T22:55:53.470Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://mattschmidt.net/2021/04/14/review-board-xss-discovered/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-11T17:34:27.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://mattschmidt.net/2021/04/14/review-board-xss-discovered/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-31330",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://mattschmidt.net/2021/04/14/review-board-xss-discovered/",
                  "refsource": "MISC",
                  "url": "https://mattschmidt.net/2021/04/14/review-board-xss-discovered/"
                },
                {
                  "name": "https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/",
                  "refsource": "MISC",
                  "url": "https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/"
                },
                {
                  "name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/",
                  "refsource": "MISC",
                  "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/"
                },
                {
                  "name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/",
                  "refsource": "MISC",
                  "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-31330",
        "datePublished": "2022-05-11T17:34:27.000Z",
        "dateReserved": "2021-04-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T22:55:53.470Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4409 (GCVE-0-2013-4409)

    Vulnerability from nvd – Published: 2019-11-04 20:45 – Updated: 2024-08-06 16:45
    VLAI
    Summary
    An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.
    Severity
    No CVSS data available.
    CWE
    • eval() vulnerability
    Assigner
    Date Public
    2013-10-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:45:14.736Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2013-4409"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2013-4409"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/63029"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88059"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Djblets",
              "vendor": "Python Software Foundation; Beanbag",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.7.21"
                }
              ]
            },
            {
              "product": "Review Board",
              "vendor": "Python Software Foundation; Beanbag",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.7.15"
                }
              ]
            }
          ],
          "datePublic": "2013-10-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "eval() vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-04T20:45:44.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2013-4409"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2013-4409"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/63029"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88059"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-4409",
        "datePublished": "2019-11-04T20:45:44.000Z",
        "dateReserved": "2013-06-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:45:14.736Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-5028 (GCVE-0-2014-5028)

    Vulnerability from nvd – Published: 2018-03-29 18:00 – Updated: 2024-08-06 11:34
    VLAI
    Summary
    The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-07-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:34:37.305Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
              },
              {
                "name": "[oss-security] 20140722 Re: CVE requests for Review Board",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/07/22/12"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692"
              },
              {
                "name": "reviewboard-cve20145028-sec-bypass(94813)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94813"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-07-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-29T17:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
            },
            {
              "name": "[oss-security] 20140722 Re: CVE requests for Review Board",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/07/22/12"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692"
            },
            {
              "name": "reviewboard-cve20145028-sec-bypass(94813)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94813"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-5028",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4",
                  "refsource": "CONFIRM",
                  "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
                },
                {
                  "name": "[oss-security] 20140722 Re: CVE requests for Review Board",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/07/22/12"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692"
                },
                {
                  "name": "reviewboard-cve20145028-sec-bypass(94813)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94813"
                },
                {
                  "name": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases",
                  "refsource": "CONFIRM",
                  "url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
                },
                {
                  "name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27",
                  "refsource": "CONFIRM",
                  "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-5028",
        "datePublished": "2018-03-29T18:00:00.000Z",
        "dateReserved": "2014-07-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:34:37.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-5027 (GCVE-0-2014-5027)

    Vulnerability from nvd – Published: 2014-07-25 19:00 – Updated: 2024-08-06 11:34
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-07-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:34:37.207Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20140721 CVE requests for Review Board",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q3/207"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
              },
              {
                "name": "60243",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60243"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
              },
              {
                "name": "[oss-security] 20140722 Re: CVE requests for Review Board",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q3/219"
              },
              {
                "name": "68858",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/68858"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-07-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-10-20T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20140721 CVE requests for Review Board",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q3/207"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
            },
            {
              "name": "60243",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60243"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
            },
            {
              "name": "[oss-security] 20140722 Re: CVE requests for Review Board",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q3/219"
            },
            {
              "name": "68858",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/68858"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-5027",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20140721 CVE requests for Review Board",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q3/207"
                },
                {
                  "name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4",
                  "refsource": "CONFIRM",
                  "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
                },
                {
                  "name": "60243",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60243"
                },
                {
                  "name": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases",
                  "refsource": "CONFIRM",
                  "url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
                },
                {
                  "name": "[oss-security] 20140722 Re: CVE requests for Review Board",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q3/219"
                },
                {
                  "name": "68858",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/68858"
                },
                {
                  "name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27",
                  "refsource": "CONFIRM",
                  "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-5027",
        "datePublished": "2014-07-25T19:00:00.000Z",
        "dateReserved": "2014-07-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:34:37.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4795 (GCVE-0-2013-4795)

    Vulnerability from nvd – Published: 2014-04-11 14:00 – Updated: 2024-08-06 16:52
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-07-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:52:27.148Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96170",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/show/osvdb/96170"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
              },
              {
                "name": "54272",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/54272"
              },
              {
                "name": "61750",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/61750"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18"
              },
              {
                "name": "reviewboard-cve20134795-xss(86410)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86410"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12"
              },
              {
                "name": "20130808 ReviewBoard Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://seclists.org/bugtraq/2013/Aug/69"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-07-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "96170",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/show/osvdb/96170"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
            },
            {
              "name": "54272",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/54272"
            },
            {
              "name": "61750",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/61750"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18"
            },
            {
              "name": "reviewboard-cve20134795-xss(86410)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86410"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12"
            },
            {
              "name": "20130808 ReviewBoard Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://seclists.org/bugtraq/2013/Aug/69"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-4795",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96170",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/show/osvdb/96170"
                },
                {
                  "name": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard",
                  "refsource": "MISC",
                  "url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
                },
                {
                  "name": "54272",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/54272"
                },
                {
                  "name": "61750",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/61750"
                },
                {
                  "name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18",
                  "refsource": "CONFIRM",
                  "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18"
                },
                {
                  "name": "reviewboard-cve20134795-xss(86410)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86410"
                },
                {
                  "name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12",
                  "refsource": "CONFIRM",
                  "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12"
                },
                {
                  "name": "20130808 ReviewBoard Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://seclists.org/bugtraq/2013/Aug/69"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-4795",
        "datePublished": "2014-04-11T14:00:00.000Z",
        "dateReserved": "2013-07-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:52:27.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4519 (GCVE-0-2013-4519)

    Vulnerability from nvd – Published: 2013-11-15 20:00 – Updated: 2024-08-06 16:45
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/55623 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/63601 vdb-entryx_refsource_BID
    http://www.reviewboard.org/docs/releasenotes/revi… x_refsource_CONFIRM
    http://osvdb.org/99512 vdb-entryx_refsource_OSVDB
    http://www.reviewboard.org/docs/releasenotes/revi… x_refsource_CONFIRM
    http://osvdb.org/99513 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2013-11-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:45:15.091Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "55623",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/55623"
              },
              {
                "name": "63601",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/63601"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17"
              },
              {
                "name": "99512",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/99512"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21"
              },
              {
                "name": "99513",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/99513"
              },
              {
                "name": "reviewboard-cve20134519-xss(88620)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88620"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "55623",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/55623"
            },
            {
              "name": "63601",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/63601"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17"
            },
            {
              "name": "99512",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/99512"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21"
            },
            {
              "name": "99513",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/99513"
            },
            {
              "name": "reviewboard-cve20134519-xss(88620)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88620"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-4519",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "55623",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/55623"
                },
                {
                  "name": "63601",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/63601"
                },
                {
                  "name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17",
                  "refsource": "CONFIRM",
                  "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17"
                },
                {
                  "name": "99512",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/99512"
                },
                {
                  "name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21",
                  "refsource": "CONFIRM",
                  "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21"
                },
                {
                  "name": "99513",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/99513"
                },
                {
                  "name": "reviewboard-cve20134519-xss(88620)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88620"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-4519",
        "datePublished": "2013-11-15T20:00:00.000Z",
        "dateReserved": "2013-06-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:45:15.091Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2209 (GCVE-0-2013-2209)

    Vulnerability from nvd – Published: 2013-07-31 10:00 – Updated: 2024-08-06 15:27
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2013-06-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:27:41.089Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=977423"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/"
              },
              {
                "name": "[oss-security] 20130624 Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user\u0027s full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/06/24/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-06-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-04-11T13:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=977423"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/"
            },
            {
              "name": "[oss-security] 20130624 Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user\u0027s full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/06/24/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-2209",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard",
                  "refsource": "MISC",
                  "url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=977423",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=977423"
                },
                {
                  "name": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/",
                  "refsource": "CONFIRM",
                  "url": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/"
                },
                {
                  "name": "[oss-security] 20130624 Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user\u0027s full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/06/24/2"
                },
                {
                  "name": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf"
                },
                {
                  "name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/",
                  "refsource": "CONFIRM",
                  "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/"
                },
                {
                  "name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/",
                  "refsource": "CONFIRM",
                  "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-2209",
        "datePublished": "2013-07-31T10:00:00.000Z",
        "dateReserved": "2013-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:27:41.089Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-4312 (GCVE-0-2011-4312)

    Vulnerability from nvd – Published: 2011-11-24 02:00 – Updated: 2024-08-07 00:01
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-11-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:01:51.569Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=754126"
              },
              {
                "name": "46840",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46840"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d"
              },
              {
                "name": "FEDORA-2011-15935",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070176.html"
              },
              {
                "name": "[oss-security] 20111115 Re: CVE Request -- ReviewBoard v1.5.7 \u0026\u0026 v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/11/15/9"
              },
              {
                "name": "[oss-security] 20111115 CVE Request -- ReviewBoard v1.5.7 \u0026\u0026 v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/11/15/8"
              },
              {
                "name": "50681",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/50681"
              },
              {
                "name": "FEDORA-2011-15933",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070091.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-08-25T09:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=754126"
            },
            {
              "name": "46840",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46840"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d"
            },
            {
              "name": "FEDORA-2011-15935",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070176.html"
            },
            {
              "name": "[oss-security] 20111115 Re: CVE Request -- ReviewBoard v1.5.7 \u0026\u0026 v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/11/15/9"
            },
            {
              "name": "[oss-security] 20111115 CVE Request -- ReviewBoard v1.5.7 \u0026\u0026 v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/11/15/8"
            },
            {
              "name": "50681",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/50681"
            },
            {
              "name": "FEDORA-2011-15933",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070091.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-4312",
        "datePublished": "2011-11-24T02:00:00.000Z",
        "dateReserved": "2011-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:01:51.569Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-31330 (GCVE-0-2021-31330)

    Vulnerability from cvelistv5 – Published: 2022-05-11 17:34 – Updated: 2024-08-03 22:55
    VLAI
    Summary
    A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T22:55:53.470Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://mattschmidt.net/2021/04/14/review-board-xss-discovered/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-11T17:34:27.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://mattschmidt.net/2021/04/14/review-board-xss-discovered/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-31330",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://mattschmidt.net/2021/04/14/review-board-xss-discovered/",
                  "refsource": "MISC",
                  "url": "https://mattschmidt.net/2021/04/14/review-board-xss-discovered/"
                },
                {
                  "name": "https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/",
                  "refsource": "MISC",
                  "url": "https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/"
                },
                {
                  "name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/",
                  "refsource": "MISC",
                  "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/"
                },
                {
                  "name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/",
                  "refsource": "MISC",
                  "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-31330",
        "datePublished": "2022-05-11T17:34:27.000Z",
        "dateReserved": "2021-04-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T22:55:53.470Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4409 (GCVE-0-2013-4409)

    Vulnerability from cvelistv5 – Published: 2019-11-04 20:45 – Updated: 2024-08-06 16:45
    VLAI
    Summary
    An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.
    Severity
    No CVSS data available.
    CWE
    • eval() vulnerability
    Assigner
    Date Public
    2013-10-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:45:14.736Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2013-4409"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2013-4409"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/63029"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88059"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Djblets",
              "vendor": "Python Software Foundation; Beanbag",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.7.21"
                }
              ]
            },
            {
              "product": "Review Board",
              "vendor": "Python Software Foundation; Beanbag",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.7.15"
                }
              ]
            }
          ],
          "datePublic": "2013-10-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "eval() vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-04T20:45:44.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2013-4409"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2013-4409"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/63029"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88059"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-4409",
        "datePublished": "2019-11-04T20:45:44.000Z",
        "dateReserved": "2013-06-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:45:14.736Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-5028 (GCVE-0-2014-5028)

    Vulnerability from cvelistv5 – Published: 2018-03-29 18:00 – Updated: 2024-08-06 11:34
    VLAI
    Summary
    The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-07-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:34:37.305Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
              },
              {
                "name": "[oss-security] 20140722 Re: CVE requests for Review Board",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/07/22/12"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692"
              },
              {
                "name": "reviewboard-cve20145028-sec-bypass(94813)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94813"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-07-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-29T17:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
            },
            {
              "name": "[oss-security] 20140722 Re: CVE requests for Review Board",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/07/22/12"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692"
            },
            {
              "name": "reviewboard-cve20145028-sec-bypass(94813)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94813"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-5028",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4",
                  "refsource": "CONFIRM",
                  "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
                },
                {
                  "name": "[oss-security] 20140722 Re: CVE requests for Review Board",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/07/22/12"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692"
                },
                {
                  "name": "reviewboard-cve20145028-sec-bypass(94813)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94813"
                },
                {
                  "name": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases",
                  "refsource": "CONFIRM",
                  "url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
                },
                {
                  "name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27",
                  "refsource": "CONFIRM",
                  "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-5028",
        "datePublished": "2018-03-29T18:00:00.000Z",
        "dateReserved": "2014-07-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:34:37.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-5027 (GCVE-0-2014-5027)

    Vulnerability from cvelistv5 – Published: 2014-07-25 19:00 – Updated: 2024-08-06 11:34
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-07-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:34:37.207Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20140721 CVE requests for Review Board",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q3/207"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
              },
              {
                "name": "60243",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60243"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
              },
              {
                "name": "[oss-security] 20140722 Re: CVE requests for Review Board",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q3/219"
              },
              {
                "name": "68858",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/68858"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-07-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-10-20T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20140721 CVE requests for Review Board",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q3/207"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
            },
            {
              "name": "60243",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60243"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
            },
            {
              "name": "[oss-security] 20140722 Re: CVE requests for Review Board",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q3/219"
            },
            {
              "name": "68858",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/68858"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-5027",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20140721 CVE requests for Review Board",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q3/207"
                },
                {
                  "name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4",
                  "refsource": "CONFIRM",
                  "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
                },
                {
                  "name": "60243",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60243"
                },
                {
                  "name": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases",
                  "refsource": "CONFIRM",
                  "url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
                },
                {
                  "name": "[oss-security] 20140722 Re: CVE requests for Review Board",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q3/219"
                },
                {
                  "name": "68858",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/68858"
                },
                {
                  "name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27",
                  "refsource": "CONFIRM",
                  "url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-5027",
        "datePublished": "2014-07-25T19:00:00.000Z",
        "dateReserved": "2014-07-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:34:37.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4795 (GCVE-0-2013-4795)

    Vulnerability from cvelistv5 – Published: 2014-04-11 14:00 – Updated: 2024-08-06 16:52
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-07-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:52:27.148Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96170",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/show/osvdb/96170"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
              },
              {
                "name": "54272",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/54272"
              },
              {
                "name": "61750",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/61750"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18"
              },
              {
                "name": "reviewboard-cve20134795-xss(86410)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86410"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12"
              },
              {
                "name": "20130808 ReviewBoard Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://seclists.org/bugtraq/2013/Aug/69"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-07-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "96170",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/show/osvdb/96170"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
            },
            {
              "name": "54272",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/54272"
            },
            {
              "name": "61750",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/61750"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18"
            },
            {
              "name": "reviewboard-cve20134795-xss(86410)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86410"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12"
            },
            {
              "name": "20130808 ReviewBoard Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://seclists.org/bugtraq/2013/Aug/69"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-4795",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96170",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/show/osvdb/96170"
                },
                {
                  "name": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard",
                  "refsource": "MISC",
                  "url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
                },
                {
                  "name": "54272",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/54272"
                },
                {
                  "name": "61750",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/61750"
                },
                {
                  "name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18",
                  "refsource": "CONFIRM",
                  "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18"
                },
                {
                  "name": "reviewboard-cve20134795-xss(86410)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86410"
                },
                {
                  "name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12",
                  "refsource": "CONFIRM",
                  "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12"
                },
                {
                  "name": "20130808 ReviewBoard Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://seclists.org/bugtraq/2013/Aug/69"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-4795",
        "datePublished": "2014-04-11T14:00:00.000Z",
        "dateReserved": "2013-07-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:52:27.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4519 (GCVE-0-2013-4519)

    Vulnerability from cvelistv5 – Published: 2013-11-15 20:00 – Updated: 2024-08-06 16:45
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/55623 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/63601 vdb-entryx_refsource_BID
    http://www.reviewboard.org/docs/releasenotes/revi… x_refsource_CONFIRM
    http://osvdb.org/99512 vdb-entryx_refsource_OSVDB
    http://www.reviewboard.org/docs/releasenotes/revi… x_refsource_CONFIRM
    http://osvdb.org/99513 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2013-11-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:45:15.091Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "55623",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/55623"
              },
              {
                "name": "63601",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/63601"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17"
              },
              {
                "name": "99512",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/99512"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21"
              },
              {
                "name": "99513",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/99513"
              },
              {
                "name": "reviewboard-cve20134519-xss(88620)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88620"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "55623",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/55623"
            },
            {
              "name": "63601",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/63601"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17"
            },
            {
              "name": "99512",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/99512"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21"
            },
            {
              "name": "99513",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/99513"
            },
            {
              "name": "reviewboard-cve20134519-xss(88620)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88620"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-4519",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "55623",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/55623"
                },
                {
                  "name": "63601",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/63601"
                },
                {
                  "name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17",
                  "refsource": "CONFIRM",
                  "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17"
                },
                {
                  "name": "99512",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/99512"
                },
                {
                  "name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21",
                  "refsource": "CONFIRM",
                  "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21"
                },
                {
                  "name": "99513",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/99513"
                },
                {
                  "name": "reviewboard-cve20134519-xss(88620)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88620"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-4519",
        "datePublished": "2013-11-15T20:00:00.000Z",
        "dateReserved": "2013-06-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:45:15.091Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2209 (GCVE-0-2013-2209)

    Vulnerability from cvelistv5 – Published: 2013-07-31 10:00 – Updated: 2024-08-06 15:27
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2013-06-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:27:41.089Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=977423"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/"
              },
              {
                "name": "[oss-security] 20130624 Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user\u0027s full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/06/24/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-06-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-04-11T13:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=977423"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/"
            },
            {
              "name": "[oss-security] 20130624 Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user\u0027s full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/06/24/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-2209",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard",
                  "refsource": "MISC",
                  "url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=977423",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=977423"
                },
                {
                  "name": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/",
                  "refsource": "CONFIRM",
                  "url": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/"
                },
                {
                  "name": "[oss-security] 20130624 Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user\u0027s full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/06/24/2"
                },
                {
                  "name": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf"
                },
                {
                  "name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/",
                  "refsource": "CONFIRM",
                  "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/"
                },
                {
                  "name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/",
                  "refsource": "CONFIRM",
                  "url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-2209",
        "datePublished": "2013-07-31T10:00:00.000Z",
        "dateReserved": "2013-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:27:41.089Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-4312 (GCVE-0-2011-4312)

    Vulnerability from cvelistv5 – Published: 2011-11-24 02:00 – Updated: 2024-08-07 00:01
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-11-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:01:51.569Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=754126"
              },
              {
                "name": "46840",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46840"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d"
              },
              {
                "name": "FEDORA-2011-15935",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070176.html"
              },
              {
                "name": "[oss-security] 20111115 Re: CVE Request -- ReviewBoard v1.5.7 \u0026\u0026 v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/11/15/9"
              },
              {
                "name": "[oss-security] 20111115 CVE Request -- ReviewBoard v1.5.7 \u0026\u0026 v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/11/15/8"
              },
              {
                "name": "50681",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/50681"
              },
              {
                "name": "FEDORA-2011-15933",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070091.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-08-25T09:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=754126"
            },
            {
              "name": "46840",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46840"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d"
            },
            {
              "name": "FEDORA-2011-15935",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070176.html"
            },
            {
              "name": "[oss-security] 20111115 Re: CVE Request -- ReviewBoard v1.5.7 \u0026\u0026 v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/11/15/9"
            },
            {
              "name": "[oss-security] 20111115 CVE Request -- ReviewBoard v1.5.7 \u0026\u0026 v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/11/15/8"
            },
            {
              "name": "50681",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/50681"
            },
            {
              "name": "FEDORA-2011-15933",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070091.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-4312",
        "datePublished": "2011-11-24T02:00:00.000Z",
        "dateReserved": "2011-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:01:51.569Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }