Cross site scripting

2011-11-2404:01:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component.

CPENameOperatorVersion
review_boardeq1.5.1
review_boardeq1.5.4
review_boardeq1.0 rc1
review_boardeq1.0 alpha3
review_boardeq1.0.9
review_boardeq1.0 rc2
review_boardeq1.5 beta2
review_boardeq1.5.5
review_boardeq1.0.5.1
review_boardeq1.0.3

Name	Operator	Version
review_board	eq	1.5.1
review_board	eq	1.5.4
review_board	eq	1.0 rc1
review_board	eq	1.0 alpha3
review_board	eq	1.0.9
review_board	eq	1.0 rc2
review_board	eq	1.5 beta2
review_board	eq	1.5.5
review_board	eq	1.0.5.1
review_board	eq	1.0.3