CVE-2013-4795

Review Board <1.6.18, <1.7.12 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name.

References (8)

[Third Party Advisory, VDB Entry] http://osvdb.org/show/osvdb/96170

[Mailing List] http://seclists.org/bugtraq/2013/Aug/69

[Various Sources] http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.18

[Various Sources] http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12

[Various Sources] http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/86410

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/61750

[Third Party Advisory] http://secunia.com/advisories/54272

Scores

EPSS 0.0050

EPSS Percentile 65.9%

Details

CWE

CWE-79

Status published

Products (30)

reviewboard/review_board

... and 20 more

Published Apr 11, 2014

Tracked Since Feb 18, 2026