4.3

CVE-2011-4312

Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ReviewboardReview Board Version <= 1.5.6
ReviewboardReview Board Version1.0
ReviewboardReview Board Version1.0 Updatealpha1
ReviewboardReview Board Version1.0 Updatealpha2
ReviewboardReview Board Version1.0 Updatealpha3
ReviewboardReview Board Version1.0 Updatealpha4
ReviewboardReview Board Version1.0 Updatebeta1
ReviewboardReview Board Version1.0 Updatebeta2
ReviewboardReview Board Version1.0 Updaterc1
ReviewboardReview Board Version1.0 Updaterc2
ReviewboardReview Board Version1.0 Updaterc3
ReviewboardReview Board Version1.0.1
ReviewboardReview Board Version1.0.2
ReviewboardReview Board Version1.0.3
ReviewboardReview Board Version1.0.4
ReviewboardReview Board Version1.0.5
ReviewboardReview Board Version1.0.5.1
ReviewboardReview Board Version1.0.6
ReviewboardReview Board Version1.0.7
ReviewboardReview Board Version1.0.8
ReviewboardReview Board Version1.0.9
ReviewboardReview Board Version1.1 Updatealpha1
ReviewboardReview Board Version1.1 Updatealpha2
ReviewboardReview Board Version1.5
ReviewboardReview Board Version1.5 Updatebeta1
ReviewboardReview Board Version1.5 Updatebeta2
ReviewboardReview Board Version1.5 Updaterc1
ReviewboardReview Board Version1.5 Updaterc2
ReviewboardReview Board Version1.5.1
ReviewboardReview Board Version1.5.2
ReviewboardReview Board Version1.5.3
ReviewboardReview Board Version1.5.4
ReviewboardReview Board Version1.5.5
ReviewboardReview Board Version1.6
ReviewboardReview Board Version1.6 Updatebeta1
ReviewboardReview Board Version1.6 Updatebeta2
ReviewboardReview Board Version1.6 Updaterc1
ReviewboardReview Board Version1.6 Updaterc2
ReviewboardReview Board Version1.6.1
ReviewboardReview Board Version1.6.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.25% 0.808
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070091.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070176.html
http://secunia.com/advisories/46840
http://www.openwall.com/lists/oss-security/2011/11/15/8
http://www.openwall.com/lists/oss-security/2011/11/15/9
http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/
http://www.securityfocus.com/bid/50681
https://bugzilla.redhat.com/show_bug.cgi?id=754126
https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d
Patch