Required CVE Record Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component.
References 9 Total
- http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/
- https://bugzilla.redhat.com/show_bug.cgi?id=754126
- secunia.com: 46840 third-party-advisory
- https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d
- lists.fedoraproject.org: FEDORA-2011-15935 vendor-advisory
- openwall.com: [oss-security] 20111115 Re: CVE Request -- ReviewBoard v1.5.7 && v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components) mailing-list
- openwall.com: [oss-security] 20111115 CVE Request -- ReviewBoard v1.5.7 && v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components) mailing-list
- securityfocus.com: 50681 vdb-entry
- lists.fedoraproject.org: FEDORA-2011-15933 vendor-advisory
This container includes required additional information provided by the CVE Program for this vulnerability.
References 9 Total
- http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/ x_transferred
- https://bugzilla.redhat.com/show_bug.cgi?id=754126 x_transferred
- secunia.com: 46840 third-party-advisory x_transferred
- https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d x_transferred
- lists.fedoraproject.org: FEDORA-2011-15935 vendor-advisory x_transferred
- openwall.com: [oss-security] 20111115 Re: CVE Request -- ReviewBoard v1.5.7 && v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components) mailing-list x_transferred
- openwall.com: [oss-security] 20111115 CVE Request -- ReviewBoard v1.5.7 && v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components) mailing-list x_transferred
- securityfocus.com: 50681 vdb-entry x_transferred
- lists.fedoraproject.org: FEDORA-2011-15933 vendor-advisory x_transferred