QwikSec

Security Database

CVE

CWE

Training

CVE-2011-4312

Published: Nov 24, 2011

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=754126

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d

x_refsource_CONFIRM

FEDORA-2011-15935

vendor-advisory

x_refsource_FEDORA

[oss-security] 20111115 Re: CVE Request -- ReviewBoard v1.5.7 && v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)

mailing-list

x_refsource_MLIST

[oss-security] 20111115 CVE Request -- ReviewBoard v1.5.7 && v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components)

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_BID

FEDORA-2011-15933

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.