Search criteria
16 vulnerabilities found for review_board by reviewboard
CVE-2021-31330 (GCVE-0-2021-31330)
Vulnerability from nvd – Published: 2022-05-11 17:34 – Updated: 2024-08-03 22:55
VLAI?
Summary
A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mattschmidt.net/2021/04/14/review-board-xss-discovered/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T17:34:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mattschmidt.net/2021/04/14/review-board-xss-discovered/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mattschmidt.net/2021/04/14/review-board-xss-discovered/",
"refsource": "MISC",
"url": "https://mattschmidt.net/2021/04/14/review-board-xss-discovered/"
},
{
"name": "https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/",
"refsource": "MISC",
"url": "https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/"
},
{
"name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/",
"refsource": "MISC",
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/"
},
{
"name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/",
"refsource": "MISC",
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31330",
"datePublished": "2022-05-11T17:34:27",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-08-03T22:55:53.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4409 (GCVE-0-2013-4409)
Vulnerability from nvd – Published: 2019-11-04 20:45 – Updated: 2024-08-06 16:45
VLAI?
Summary
An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.
Severity ?
No CVSS data available.
CWE
- eval() vulnerability
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Python Software Foundation; Beanbag | Djblets |
Affected:
0.7.21
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.736Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4409"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4409"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63029"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Djblets",
"vendor": "Python Software Foundation; Beanbag",
"versions": [
{
"status": "affected",
"version": "0.7.21"
}
]
},
{
"product": "Review Board",
"vendor": "Python Software Foundation; Beanbag",
"versions": [
{
"status": "affected",
"version": "before 1.7.15"
}
]
}
],
"datePublic": "2013-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "eval() vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T20:45:44",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4409"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4409"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/63029"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88059"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4409",
"datePublished": "2019-11-04T20:45:44",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5028 (GCVE-0-2014-5028)
Vulnerability from nvd – Published: 2018-03-29 18:00 – Updated: 2024-08-06 11:34
VLAI?
Summary
The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
},
{
"name": "[oss-security] 20140722 Re: CVE requests for Review Board",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/22/12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692"
},
{
"name": "reviewboard-cve20145028-sec-bypass(94813)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94813"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-29T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
},
{
"name": "[oss-security] 20140722 Re: CVE requests for Review Board",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/22/12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692"
},
{
"name": "reviewboard-cve20145028-sec-bypass(94813)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94813"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4",
"refsource": "CONFIRM",
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
},
{
"name": "[oss-security] 20140722 Re: CVE requests for Review Board",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/22/12"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692"
},
{
"name": "reviewboard-cve20145028-sec-bypass(94813)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94813"
},
{
"name": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases",
"refsource": "CONFIRM",
"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
},
{
"name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27",
"refsource": "CONFIRM",
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5028",
"datePublished": "2018-03-29T18:00:00",
"dateReserved": "2014-07-22T00:00:00",
"dateUpdated": "2024-08-06T11:34:37.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5027 (GCVE-0-2014-5027)
Vulnerability from nvd – Published: 2014-07-25 19:00 – Updated: 2024-08-06 11:34
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140721 CVE requests for Review Board",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/207"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
},
{
"name": "60243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60243"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
},
{
"name": "[oss-security] 20140722 Re: CVE requests for Review Board",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/219"
},
{
"name": "68858",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68858"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-20T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140721 CVE requests for Review Board",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/207"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
},
{
"name": "60243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60243"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
},
{
"name": "[oss-security] 20140722 Re: CVE requests for Review Board",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/219"
},
{
"name": "68858",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68858"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140721 CVE requests for Review Board",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/207"
},
{
"name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4",
"refsource": "CONFIRM",
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
},
{
"name": "60243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60243"
},
{
"name": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases",
"refsource": "CONFIRM",
"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
},
{
"name": "[oss-security] 20140722 Re: CVE requests for Review Board",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/219"
},
{
"name": "68858",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68858"
},
{
"name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27",
"refsource": "CONFIRM",
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5027",
"datePublished": "2014-07-25T19:00:00",
"dateReserved": "2014-07-22T00:00:00",
"dateUpdated": "2024-08-06T11:34:37.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4795 (GCVE-0-2013-4795)
Vulnerability from nvd – Published: 2014-04-11 14:00 – Updated: 2024-08-06 16:52
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96170",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/show/osvdb/96170"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"name": "54272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54272"
},
{
"name": "61750",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61750"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18"
},
{
"name": "reviewboard-cve20134795-xss(86410)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86410"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12"
},
{
"name": "20130808 ReviewBoard Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Aug/69"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96170",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/show/osvdb/96170"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"name": "54272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54272"
},
{
"name": "61750",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61750"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18"
},
{
"name": "reviewboard-cve20134795-xss(86410)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86410"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12"
},
{
"name": "20130808 ReviewBoard Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Aug/69"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4795",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96170",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/96170"
},
{
"name": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard",
"refsource": "MISC",
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"name": "54272",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54272"
},
{
"name": "61750",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61750"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18"
},
{
"name": "reviewboard-cve20134795-xss(86410)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86410"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12"
},
{
"name": "20130808 ReviewBoard Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Aug/69"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4795",
"datePublished": "2014-04-11T14:00:00",
"dateReserved": "2013-07-12T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4519 (GCVE-0-2013-4519)
Vulnerability from nvd – Published: 2013-11-15 20:00 – Updated: 2024-08-06 16:45
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:15.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55623",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55623"
},
{
"name": "63601",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63601"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17"
},
{
"name": "99512",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/99512"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21"
},
{
"name": "99513",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/99513"
},
{
"name": "reviewboard-cve20134519-xss(88620)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88620"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "55623",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55623"
},
{
"name": "63601",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63601"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17"
},
{
"name": "99512",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/99512"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21"
},
{
"name": "99513",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/99513"
},
{
"name": "reviewboard-cve20134519-xss(88620)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88620"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55623",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55623"
},
{
"name": "63601",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63601"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17"
},
{
"name": "99512",
"refsource": "OSVDB",
"url": "http://osvdb.org/99512"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21"
},
{
"name": "99513",
"refsource": "OSVDB",
"url": "http://osvdb.org/99513"
},
{
"name": "reviewboard-cve20134519-xss(88620)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88620"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4519",
"datePublished": "2013-11-15T20:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:15.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2209 (GCVE-0-2013-2209)
Vulnerability from nvd – Published: 2013-07-31 10:00 – Updated: 2024-08-06 15:27
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:41.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=977423"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/"
},
{
"name": "[oss-security] 20130624 Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user\u0027s full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/06/24/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-11T13:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=977423"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/"
},
{
"name": "[oss-security] 20130624 Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user\u0027s full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/06/24/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard",
"refsource": "MISC",
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=977423",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=977423"
},
{
"name": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/"
},
{
"name": "[oss-security] 20130624 Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user\u0027s full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/06/24/2"
},
{
"name": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf",
"refsource": "CONFIRM",
"url": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2209",
"datePublished": "2013-07-31T10:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:27:41.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4312 (GCVE-0-2011-4312)
Vulnerability from nvd – Published: 2011-11-24 02:00 – Updated: 2024-08-07 00:01
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:51.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=754126"
},
{
"name": "46840",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46840"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d"
},
{
"name": "FEDORA-2011-15935",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070176.html"
},
{
"name": "[oss-security] 20111115 Re: CVE Request -- ReviewBoard v1.5.7 \u0026\u0026 v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/15/9"
},
{
"name": "[oss-security] 20111115 CVE Request -- ReviewBoard v1.5.7 \u0026\u0026 v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/15/8"
},
{
"name": "50681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/50681"
},
{
"name": "FEDORA-2011-15933",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070091.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-25T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=754126"
},
{
"name": "46840",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46840"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d"
},
{
"name": "FEDORA-2011-15935",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070176.html"
},
{
"name": "[oss-security] 20111115 Re: CVE Request -- ReviewBoard v1.5.7 \u0026\u0026 v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/15/9"
},
{
"name": "[oss-security] 20111115 CVE Request -- ReviewBoard v1.5.7 \u0026\u0026 v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/15/8"
},
{
"name": "50681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/50681"
},
{
"name": "FEDORA-2011-15933",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070091.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4312",
"datePublished": "2011-11-24T02:00:00",
"dateReserved": "2011-11-04T00:00:00",
"dateUpdated": "2024-08-07T00:01:51.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31330 (GCVE-0-2021-31330)
Vulnerability from cvelistv5 – Published: 2022-05-11 17:34 – Updated: 2024-08-03 22:55
VLAI?
Summary
A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mattschmidt.net/2021/04/14/review-board-xss-discovered/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T17:34:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mattschmidt.net/2021/04/14/review-board-xss-discovered/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mattschmidt.net/2021/04/14/review-board-xss-discovered/",
"refsource": "MISC",
"url": "https://mattschmidt.net/2021/04/14/review-board-xss-discovered/"
},
{
"name": "https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/",
"refsource": "MISC",
"url": "https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker/"
},
{
"name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/",
"refsource": "MISC",
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21/"
},
{
"name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/",
"refsource": "MISC",
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31330",
"datePublished": "2022-05-11T17:34:27",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-08-03T22:55:53.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4409 (GCVE-0-2013-4409)
Vulnerability from cvelistv5 – Published: 2019-11-04 20:45 – Updated: 2024-08-06 16:45
VLAI?
Summary
An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.
Severity ?
No CVSS data available.
CWE
- eval() vulnerability
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Python Software Foundation; Beanbag | Djblets |
Affected:
0.7.21
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.736Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4409"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4409"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63029"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Djblets",
"vendor": "Python Software Foundation; Beanbag",
"versions": [
{
"status": "affected",
"version": "0.7.21"
}
]
},
{
"product": "Review Board",
"vendor": "Python Software Foundation; Beanbag",
"versions": [
{
"status": "affected",
"version": "before 1.7.15"
}
]
}
],
"datePublic": "2013-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "eval() vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T20:45:44",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4409"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4409"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/63029"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88059"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4409",
"datePublished": "2019-11-04T20:45:44",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5028 (GCVE-0-2014-5028)
Vulnerability from cvelistv5 – Published: 2018-03-29 18:00 – Updated: 2024-08-06 11:34
VLAI?
Summary
The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
},
{
"name": "[oss-security] 20140722 Re: CVE requests for Review Board",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/22/12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692"
},
{
"name": "reviewboard-cve20145028-sec-bypass(94813)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94813"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-29T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
},
{
"name": "[oss-security] 20140722 Re: CVE requests for Review Board",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/22/12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692"
},
{
"name": "reviewboard-cve20145028-sec-bypass(94813)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94813"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4",
"refsource": "CONFIRM",
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
},
{
"name": "[oss-security] 20140722 Re: CVE requests for Review Board",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/22/12"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692"
},
{
"name": "reviewboard-cve20145028-sec-bypass(94813)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94813"
},
{
"name": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases",
"refsource": "CONFIRM",
"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
},
{
"name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27",
"refsource": "CONFIRM",
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5028",
"datePublished": "2018-03-29T18:00:00",
"dateReserved": "2014-07-22T00:00:00",
"dateUpdated": "2024-08-06T11:34:37.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5027 (GCVE-0-2014-5027)
Vulnerability from cvelistv5 – Published: 2014-07-25 19:00 – Updated: 2024-08-06 11:34
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140721 CVE requests for Review Board",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/207"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
},
{
"name": "60243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60243"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
},
{
"name": "[oss-security] 20140722 Re: CVE requests for Review Board",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/219"
},
{
"name": "68858",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68858"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-20T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140721 CVE requests for Review Board",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/207"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
},
{
"name": "60243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60243"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
},
{
"name": "[oss-security] 20140722 Re: CVE requests for Review Board",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/219"
},
{
"name": "68858",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68858"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140721 CVE requests for Review Board",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/207"
},
{
"name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4",
"refsource": "CONFIRM",
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4"
},
{
"name": "60243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60243"
},
{
"name": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases",
"refsource": "CONFIRM",
"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases"
},
{
"name": "[oss-security] 20140722 Re: CVE requests for Review Board",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/219"
},
{
"name": "68858",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68858"
},
{
"name": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27",
"refsource": "CONFIRM",
"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5027",
"datePublished": "2014-07-25T19:00:00",
"dateReserved": "2014-07-22T00:00:00",
"dateUpdated": "2024-08-06T11:34:37.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4795 (GCVE-0-2013-4795)
Vulnerability from cvelistv5 – Published: 2014-04-11 14:00 – Updated: 2024-08-06 16:52
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96170",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/show/osvdb/96170"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"name": "54272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54272"
},
{
"name": "61750",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61750"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18"
},
{
"name": "reviewboard-cve20134795-xss(86410)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86410"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12"
},
{
"name": "20130808 ReviewBoard Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Aug/69"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96170",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/show/osvdb/96170"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"name": "54272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54272"
},
{
"name": "61750",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61750"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18"
},
{
"name": "reviewboard-cve20134795-xss(86410)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86410"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12"
},
{
"name": "20130808 ReviewBoard Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Aug/69"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4795",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96170",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/96170"
},
{
"name": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard",
"refsource": "MISC",
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"name": "54272",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54272"
},
{
"name": "61750",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61750"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18"
},
{
"name": "reviewboard-cve20134795-xss(86410)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86410"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12"
},
{
"name": "20130808 ReviewBoard Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Aug/69"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4795",
"datePublished": "2014-04-11T14:00:00",
"dateReserved": "2013-07-12T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4519 (GCVE-0-2013-4519)
Vulnerability from cvelistv5 – Published: 2013-11-15 20:00 – Updated: 2024-08-06 16:45
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:15.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55623",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55623"
},
{
"name": "63601",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63601"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17"
},
{
"name": "99512",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/99512"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21"
},
{
"name": "99513",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/99513"
},
{
"name": "reviewboard-cve20134519-xss(88620)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88620"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "55623",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55623"
},
{
"name": "63601",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63601"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17"
},
{
"name": "99512",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/99512"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21"
},
{
"name": "99513",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/99513"
},
{
"name": "reviewboard-cve20134519-xss(88620)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88620"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55623",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55623"
},
{
"name": "63601",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63601"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17"
},
{
"name": "99512",
"refsource": "OSVDB",
"url": "http://osvdb.org/99512"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21"
},
{
"name": "99513",
"refsource": "OSVDB",
"url": "http://osvdb.org/99513"
},
{
"name": "reviewboard-cve20134519-xss(88620)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88620"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4519",
"datePublished": "2013-11-15T20:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:15.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2209 (GCVE-0-2013-2209)
Vulnerability from cvelistv5 – Published: 2013-07-31 10:00 – Updated: 2024-08-06 15:27
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:41.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=977423"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/"
},
{
"name": "[oss-security] 20130624 Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user\u0027s full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/06/24/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-11T13:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=977423"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/"
},
{
"name": "[oss-security] 20130624 Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user\u0027s full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/06/24/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard",
"refsource": "MISC",
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=977423",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=977423"
},
{
"name": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released/"
},
{
"name": "[oss-security] 20130624 Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user\u0027s full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/06/24/2"
},
{
"name": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf",
"refsource": "CONFIRM",
"url": "https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a80803ba1a55703db38fccdf7dbf"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17/"
},
{
"name": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/",
"refsource": "CONFIRM",
"url": "http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2209",
"datePublished": "2013-07-31T10:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:27:41.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4312 (GCVE-0-2011-4312)
Vulnerability from cvelistv5 – Published: 2011-11-24 02:00 – Updated: 2024-08-07 00:01
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:51.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=754126"
},
{
"name": "46840",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46840"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d"
},
{
"name": "FEDORA-2011-15935",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070176.html"
},
{
"name": "[oss-security] 20111115 Re: CVE Request -- ReviewBoard v1.5.7 \u0026\u0026 v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/15/9"
},
{
"name": "[oss-security] 20111115 CVE Request -- ReviewBoard v1.5.7 \u0026\u0026 v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/15/8"
},
{
"name": "50681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/50681"
},
{
"name": "FEDORA-2011-15933",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070091.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-25T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=754126"
},
{
"name": "46840",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46840"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d"
},
{
"name": "FEDORA-2011-15935",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070176.html"
},
{
"name": "[oss-security] 20111115 Re: CVE Request -- ReviewBoard v1.5.7 \u0026\u0026 v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/15/9"
},
{
"name": "[oss-security] 20111115 CVE Request -- ReviewBoard v1.5.7 \u0026\u0026 v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/15/8"
},
{
"name": "50681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/50681"
},
{
"name": "FEDORA-2011-15933",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070091.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4312",
"datePublished": "2011-11-24T02:00:00",
"dateReserved": "2011-11-04T00:00:00",
"dateUpdated": "2024-08-07T00:01:51.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}