CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 1CVE-2021-31330
https://notcve.org/view.php?id=CVE-2021-31330
A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent. Se presenta una vulnerabilidad de tipo cross-Site Scripting (XSS) en las versiones de Review Board 3.0.20 y 4.0 RC1 y anteriores. Un atacante autenticado puede inyectar código Javascript malicioso cuando es usada la edición de Markdown dentro de la aplicación, que permanece persistente • https://mattschmidt.net/2021/04/14/review-board-xss-discovered https://www.reviewboard.org/docs/releasenotes/reviewboard/3.0.21 https://www.reviewboard.org/docs/releasenotes/reviewboard/4.0-rc-2 https://www.reviewboard.org/news/2021/04/14/review-board-3-0-21-and-4-0-rc-2-security-bug-fixes-and-docker • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •