CVSS: 4.3EPSS: 0%CPEs: 43EXPL: 0CVE-2013-4519
https://notcve.org/view.php?id=CVE-2013-4519
Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file. Múltiples vulnerabilidades de XSS en Review Board 1.6.x anterior a la versión 1.6.21 y 1.7.x anterior a 1.7.17 permite a atacantes remotos inyectar script web o HTML arbitrario a través del (1) campo Branch o (2) título de un archivo cargado. • http://osvdb.org/99512 http://osvdb.org/99513 http://secunia.com/advisories/55623 http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.21 http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.17 http://www.securityfocus.com/bid/63601 https://exchange.xforce.ibmcloud.com/vulnerabilities/88620 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 32EXPL: 1CVE-2013-2209
https://notcve.org/view.php?id=CVE-2013-2209
Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name. Vulnerabilidad XSS en el widget de autocompletado en enhtdocs/media/rb/js/reviews.js en Review Board 1.6.x anteior a 1.6.17 y 1.7.x anterior a 1.7.10, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un nombre completo. • http://www.openwall.com/lists/oss-security/2013/06/24/2 http://www.reviewboard.org/docs/releasenotes/reviewboard/1.6.17 http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.10 http://www.reviewboard.org/news/2013/06/22/review-board-1617-and-1710-released http://www.tripwire.com/state-of-security/vulnerability-management/vulnerabilities-its-time-to-review-your-reviewboard https://bugzilla.redhat.com/show_bug.cgi?id=977423 https://github.com/reviewboard/reviewboard/commit/4aaacbb1e628a808 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 40EXPL: 0CVE-2011-4312
https://notcve.org/view.php?id=CVE-2011-4312
Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component. Multiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el sistema de comentarios de Review Board antes de v1.5.7 y 1.6.x antes de v1.6.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores que implican los componentes (1) diff viewer o (2) screenshot • http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070091.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070176.html http://secunia.com/advisories/46840 http://www.openwall.com/lists/oss-security/2011/11/15/8 http://www.openwall.com/lists/oss-security/2011/11/15/9 http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3 http://www.securityfocus.com/bid/50681 https://bugzilla.redhat.com/show_bug.cgi?id=754126 https:/& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •